Over 700k DrayTek routers could be at risk from security threats

Multiple vulnerabilities have been addressed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Networking gear manufacturer DrayTek has issued patches to address several vulnerabilities found in its residential and enterpriserouterline-up, including one with the maximum severity rating - 10/10.

The company urged its users to apply the patch immediately, since the flaw can be abused to take over vulnerable devices and move further into the compromised network.

According to the security advisory published with the patch, the critical-severity flaw is described as a buffer overflow bug in the “GetCGI()” function in the web user interface. It is tracked as CVE-2024-41592, and can be abused to either run denial-of-service (DoS) attacks, or remote code execution (RCE), when processing the query string parameters. Since the vulnerability affects different devices - including some that are past their end-of-life date - users are advised to look for the corresponding version on the DrayTekresource page.

700,000 flawed devices

Research from Forescout claims there are just above 700,000 routers with their UI exposed to the internet, and thus at risk of an attack. The majority is located in the United States, with notable mentions including Vietnam, the Netherlands, Taiwan, and Australia.

While certainly dangerous, the buffer overflow bug is not the only important vulnerability that the company addressed. In total, there were 14 vulnerabilities, collectively dubbed DRAY:BREAK. Two are rated critical, nine high, and three medium severity. The second critical vulnerability is tracked as CVE-2024-41585, and has a severity score of 9.1. It is anoperating system(OS) command injection flaw in the “recvCmd” binary, used for communication between the host and guest OS.

The entire list of the vulnerabilities can be found onthis link.

“Complete protection against the new vulnerabilities requires patching devices running the affected software,” Forescout said. “If remote access is enabled on your router, disable it if not needed. Use an access control list (ACL) and two-factor authentication (2FA) if possible.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Hacker News

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

Apple iMac 24-inch M4 (2024) review: the best, and most colorful, all-in-one computer levels up