Over 700k DrayTek routers could be at risk from security threats

cables going into the back of a broadband router on white background

(Image credit: Shutterstock)

Networking gear manufacturer DrayTek has issued patches to address several vulnerabilities found in its residential and enterprise router line-up, including one with the maximum severity rating - 10/10.

The company urged its users to apply the patch immediately, since the flaw can be abused to take over vulnerable devices and move further into the compromised network.

According to the security advisory published with the patch, the critical-severity flaw is described as a buffer overflow bug in the “GetCGI()” function in the web user interface. It is tracked as CVE-2024-41592, and can be abused to either run denial-of-service (DoS) attacks, or remote code execution (RCE), when processing the query string parameters. Since the vulnerability affects different devices - including some that are past their end-of-life date - users are advised to look for the corresponding version on the DrayTek resource page.

700,000 flawed devices

Research from Forescout claims there are just above 700,000 routers with their UI exposed to the internet, and thus at risk of an attack. The majority is located in the United States, with notable mentions including Vietnam, the Netherlands, Taiwan, and Australia.

While certainly dangerous, the buffer overflow bug is not the only important vulnerability that the company addressed. In total, there were 14 vulnerabilities, collectively dubbed DRAY:BREAK. Two are rated critical, nine high, and three medium severity. The second critical vulnerability is tracked as CVE-2024-41585, and has a severity score of 9.1. It is an operating system (OS) command injection flaw in the “recvCmd” binary, used for communication between the host and guest OS.

The entire list of the vulnerabilities can be found on this link.

"Complete protection against the new vulnerabilities requires patching devices running the affected software," Forescout said. "If remote access is enabled on your router, disable it if not needed. Use an access control list (ACL) and two-factor authentication (2FA) if possible."

Via The Hacker News

More from TechRadar Pro

Healthcare organizations are having to pay millions to solve ransomware attacks
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.