More than 37,000 DrayTek routers in Australia and New Zealand are vulnerable to hacking

Security researchers have discovered 14 new vulnerabilities in 24 Vigor router models, with more than 700,000 exposed worldwide.

Researchers from American cybersecurity company Forescout discovered 14 significant vulnerabilities in DrayTek routers, ranging in severity from medium to one with the maximum score of 10.

Forescout’s Vedere Labs focused specifically on DrayTek routers because the company’s hardware is frequently targeted by a wide range of threat actors and is widely found in businesses of all sizes.

Additionally, no fewer than 18 critical vulnerabilities have been reported in DrayTek routers since 2013.

In particular, researchers took a close look at DrayOS and its web user interface.

“This component is often exposed to the Internet, has been found vulnerable several times recently, and likely has the largest attack surface,” Vedere Labs said in its report: Dray:Break – Break into DrayTek routers before threat actors do it again.

The researchers were not wrong.

Alongside the single CVE with a severity rating of 10, a second is also critical and nine are considered a medium threat. The vulnerabilities affect the following router models:

  • Vigor1000B, Vigor2962, Vigor3910
  • Vigor3912
  • Vigor165, Vigor166
  • Vigor2135, Vigor2763, Vigor2765, Vigor2766
  • Vigor2865, Vigor2866, Vigor2915
  • Vigor2620, VigorLTE200
  • Vigor2133, Vigor2762, Vigor2832
  • Vigor2860, Vigor2925
  • Vigor2862, Vigor2926
  • Vigor2952, Vigor3220

Although the last five model groups are at end-of-life, DrayTek has released fixes for all affected devices. Individually, vulnerabilities can lead to everything from complete system compromise to remote code execution and man-in-the-middle attacks.

According to Vedere Labs, malicious actors could conduct espionage or data exfiltration via the vulnerabilities or create automated botnets to launch distributed denial of service (DDoS) attacks.

A Shodan analysis reveals a total of 704,525 DrayTek routers exposed. The vast majority are in the EU, UK and across Asia, but there are more than 37,000 compromised devices in Australia and New Zealand.

“DrayTek routers were found in 168 countries, with the UK alone accounting for 36 percent, followed by Vietnam with 17 percent and the Netherlands with 9 percent,” Vedere Labs said.

“The prevalence of the devices in these countries appears to be linked to the use of DrayTek routers by popular ISPs.”

Most of these routers are used by small and medium-sized businesses, while 25 percent are residential, and 3 percent are used in businesses. Worryingly, 38 percent of all these devices remain vulnerable to a series of similar vulnerabilities reported two years ago.

“Although the magnitude of these findings exceeded all our expectations, they were not entirely surprising,” Vedere Labs said.

“DrayTek is one of many suppliers that do not appear to perform the necessary variant analysis and post-mortem analysis after vulnerability reports – which could lead to long-term improvements.”

You can read the full report here.
