Forescout Vedere Labs has recently unveiled a series of critical security vulnerabilities in DrayTek routers, exposing more than 700,000 devices to potential hacking. The vulnerabilities, collectively referred to as DRAY
, consist of 14 security flaws, including two rated as critical and nine categorized as high severity. Among the most alarming vulnerabilities is CVE-2024-41592, a buffer overflow in the router’s web user interface that can lead to remote code execution or denial-of-service (DoS) attacks. This flaw allows malicious actors to inject code into the router, potentially compromising not only the device itself but also the networks to which it connects.
Another significant vulnerability is CVE-2024-41585, which involves command injection in the router’s operating system. This flaw gives attackers the ability to take control of the router, making it an entry point for further attacks on enterprise networks. Additionally, the vulnerabilities include issues related to the use of the same administrative credentials across all systems, heightening the risk of full system compromise. Several cross-site scripting (XSS) flaws also allow attackers to execute malicious scripts within the router’s web interface, further increasing the potential for exploitation.
In response to these vulnerabilities, DrayTek has released patches to address all identified flaws, including those affecting end-of-life models. Cybersecurity experts recommend that users update their devices immediately to protect against these risks. They also advise disabling remote access unless absolutely necessary and implementing security measures such as access control lists and two-factor authentication to further enhance device security. These proactive steps can help mitigate the risks posed by the vulnerabilities and protect sensitive data.
The discovery of these vulnerabilities comes at a time when cybersecurity agencies from multiple countries are emphasizing the importance of robust security measures in operational technology environments. A joint advisory outlines critical principles for maintaining cybersecurity, including the need to secure data, segment networks, and ensure that personnel are adequately trained in security protocols. As the threat landscape continues to evolve, the need for vigilance and proactive measures in securing network devices, such as DrayTek routers, has never been more urgent.
