Critical RCE vulnerability impacts 29 models of DrayTek routers
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. [...]
Unauthenticated access lets systems or services be used without verifying identity, increasing the risk of data exposure, tampering, or abuse.
Search across headline titles and summaries.
Background for this topic.
Unauthenticated describes a request, session, or service that has not verified the requester’s identity. This may be intentional for public content or health checks, but in security reporting the term often highlights an interface that can be reached without credentials, such as an administration panel, API, database, or device-management service. It does not by itself mean the requester is authorized to perform every action; authentication and authorization are separate controls.
Unauthenticated exposure matters when it permits sensitive data retrieval, configuration changes, or exploitation of a vulnerability without a prior login. Security teams should identify such interfaces during asset discovery and vulnerability management, confirm that public access is necessary, and enforce authentication and least-privilege authorization where it is not. Network restrictions, safe defaults, logging, and alerts for unexpected access help reduce exposure and support investigation when an unauthenticated endpoint is abused.
Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. [...]
As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network
Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices
Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices. [...]
Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions
VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges. [...]