This week a serious DrayTek router vulnerability was exposed by researchers at Trellix. Clocking in at a mightily risky 10.0 score, unfortunately this vulnerability isn't as impressive as a Tom Daley 10m high dive scoring a perfect 10. Instead, the score means this security risk is classed as critical, so it's an issue you should be dealing with urgently if you use any of the affected models within your WiFi network.
DrayTek routers have been growing in popularity due to their convenient size for small and midsize businesses (SMBs) who need to provide VPN access to employees.
Since the pandemic started, the need for DrayTek routers has increased with the mass migration of workers to work-from-home situations.
They are widely deployed throughout Asia and Europe, especially in the UK, and are known for being user-friendly and reliable.
Over 200,000 routers made by DrayTek are subject to a severe vulnerability, which could open companies up to network breaches.
If this vulnerability is exploited, it can lead to the complete compromise of the devices and unauthorised access to the broader network.
It is an issue that needs to be addressed quickly.
Many models of DrayTek routers have been identified as vulnerable to a new critical remote code execution vulnerability.
The DrayTek Vigor 3910 is open to complete compromise by threat actors and is particularly at risk if it has an internet-facing management interface.
Researchers from cybersecurity firm Trellix identified the vulnerability in this model, and in 28 other DrayTek devices that share the same code base, in a blog post.
They stressed that, at present, there are no examples of threat actors using the vulnerability in the wild. We must also say how impressively DrayTek has handled the vulnerability: they've already released a firmware patch to correct the issue. However, you'll need to update your firmware to make sure you're up to date and secure.
Two different groups of cybercriminals have been exploiting previously unknown vulnerabilities in DrayTek routers, load balancers, and VPN gateways since December 2019. These vulnerabilities also affected Vigor devices.
The cybercriminals were able to inject commands remotely, and the attacks continued until March 2020, when DrayTek released a patch for the two zero-day vulnerabilities.
Attackers can target routers through their LAN or, if the management interface is configured to be internet-facing, remotely over the internet.
Attackers that successfully exploit a vulnerability can take over the device, run code, and access internal resources.
It allows them to access sensitive data such as passwords and keys on the router, snoop on DNS requests and other unencrypted traffic, capture packets, and conduct man-in-the-middle and DDoS attacks.
To keep your devices secure, researchers recommend a few key things:
Following these recommendations can help keep your devices safe and secure.
Small to medium-sized enterprises (SMEs) must not take lightly the importance of their data and intellectual property (IP) or the likelihood that their edge devices could be used as part of a botnet attack. Furthermore, SMBs also risk becoming a stepping stone for attackers wanting to infiltrate their customers' networks.
To protect your business with DrayTek routers, always keep the firmware patched and up to date. Additionally, researchers from Trellix suggest that you should never expose the management interface to the internet unless it is required.
If you must, then be sure to use two-factor authentication and IP restrictions.
Also, once you apply a patch, check that port mirroring, DNS settings, authorised VPN access, and other relevant settings have not been tampered with via the management interface.
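To turn the post-patch checks above into something repeatable, here is an added example of a small audit script (our own illustration, not DrayTek's or Trellix's code). The settings and baseline dictionaries are constructed for the example and use a hypothetical normalised layout, not a real DrayTek configuration export.

```python
# Added example: audit a router settings snapshot against the hardening advice
# in this article. The dictionary layout is hypothetical, not a real DrayTek
# export format; an administrator would populate it from their own config backup.
from typing import Dict, List

# Constructed baseline: what the administrator expects the router to look like.
BASELINE = {
    "dns_servers": ["9.9.9.9", "149.112.112.112"],
    "authorised_vpn_users": {"alice", "bob"},
}

# Constructed snapshot taken after applying the firmware patch.
POST_PATCH = {
    "firmware_patched": True,
    "mgmt_wan_access": True,      # management interface reachable from the internet
    "mgmt_2fa": False,
    "mgmt_ip_allowlist": [],      # empty means no IP restrictions
    "port_mirroring": True,
    "dns_servers": ["9.9.9.9", "198.51.100.7"],
    "vpn_users": {"alice", "bob", "svc-backup"},
}

def audit(settings: Dict, baseline: Dict) -> List[str]:
    """Return findings; an empty list means the snapshot matches the advice."""
    findings = []
    if not settings.get("firmware_patched"):
        findings.append("firmware not patched")
    if settings.get("mgmt_wan_access"):
        # Internet-facing management is tolerable only with 2FA AND an IP allowlist.
        if not settings.get("mgmt_2fa"):
            findings.append("management interface on WAN without two-factor authentication")
        if not settings.get("mgmt_ip_allowlist"):
            findings.append("management interface on WAN without IP restrictions")
    if settings.get("port_mirroring"):
        findings.append("port mirroring enabled (possible traffic capture)")
    unexpected_dns = [d for d in settings.get("dns_servers", []) if d not in baseline["dns_servers"]]
    if unexpected_dns:
        findings.append("unexpected DNS servers: " + ", ".join(unexpected_dns))
    rogue_vpn = set(settings.get("vpn_users", set())) - baseline["authorised_vpn_users"]
    if rogue_vpn:
        findings.append("VPN accounts not in authorised list: " + ", ".join(sorted(rogue_vpn)))
    return findings

if __name__ == "__main__":
    for finding in audit(POST_PATCH, BASELINE):
        print("FINDING:", finding)
```

Each finding maps to one of the recommendations above, so a clean run (no findings) is the state to aim for after patching.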
We understand that cyber security is complex and overwhelming. If you need support in updating your WiFi network hardware’s firmware or you want to run a security audit on your existing network, get in touch with Haptic today.