Thousands of DrayTek Routers at Risk From 14 Vulnerabilities
Several of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity.
Routers are network gateways whose flaws, misconfigurations, or exposed interfaces can enable unauthorized access, interception, or service disruption.
Search across headline titles and summaries.
Background for this topic.
Routers are network devices that forward packets between separate networks, using destination addresses to choose a path. A home router usually connects a local network to the internet and may also provide wireless access, address assignment, network address translation, firewall rules, VPN termination, or DNS forwarding. Enterprise routers can connect internal segments, data centers, and remote sites.
In security, a router is both a traffic-control point and an attack surface. Vulnerable firmware, exposed administrative services, weak credentials, or unnecessary remote management can let an attacker alter routing, redirect traffic, or use the device to reach other systems; misconfigured rules can expose internal services. Reduce risk by keeping firmware supported and updated, restricting management to trusted networks, using strong unique authentication, disabling unneeded services, separating networks, and reviewing logs and configurations. During an incident, router configuration and routing or DNS changes can provide useful evidence, while tested backups help restore trusted connectivity.
Several of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity.
With 14 serious security flaws found, what a gift for spies and crooks Fourteen bugs in DrayTek routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.…
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. [...]