More than 37,000 DrayTek routers in Australia and New Zealand are vulnerable to hacking

Security researchers have found 14 new vulnerabilities in 24 Vigor router models, with more than 700,000 exposed worldwide.

Researchers at US cybersecurity firm Forescout have discovered 14 major vulnerabilities in DrayTek routers, ranging in severity from medium to a maximum severity of 10.

Forescout’s Vedere Labs focused specifically on DrayTek routers because the company’s hardware is frequently attacked by a variety of threat actors and is widely deployed across businesses of all sizes.

Additionally, DrayTek routers have had no fewer than 18 critical vulnerabilities reported since 2013.

In particular, the researchers took a close look at DrayOS and its web-based user interface.

“This component is often exposed to the Internet, has been found vulnerable several times recently, and likely has the largest attack surface,” Vedere Labs said in its report, “Dray:Break: Break into DrayTek routers before threat actors do it again”.

The researchers were not wrong.

In addition to the single CVE with a severity of 10, a second is also critical and nine are considered a medium threat. The vulnerabilities affect the following router models:

  • Vigor1000B, Vigor2962, Vigor3910
  • Vigor3912
  • Vigor165, Vigor166
  • Vigor2135, Vigor2763, Vigor2765, Vigor2766
  • Vigor2865, Vigor2866, Vigor2915
  • Vigor2620, VigorLTE200
  • Vigor2133, Vigor2762, Vigor2832
  • Vigor2860, Vigor2925
  • Vigor2862, Vigor2926
  • Vigor2952, Vigor3220

Even though the last five model groups have reached end of life, DrayTek has released patches for all affected devices. Individually, the vulnerabilities can lead to everything from complete system compromise to remote code execution and man-in-the-middle attacks.

According to Vedere Labs, threat actors could conduct espionage or leak data through the vulnerabilities or create automated botnets to launch distributed denial of service (DDoS) attacks.

A Shodan scan reveals a total of 704,525 exposed DrayTek routers. The vast majority are located in the EU, the UK and across Asia, but there are more than 37,000 compromised devices in Australia and New Zealand.

“DrayTek routers were found in 168 countries, of which the United Kingdom accounts for 36 percent, followed by Vietnam with 17 percent and the Netherlands with 9 percent,” Vedere Labs said.

“The prevalence of devices in these countries appears to be related to the use of DrayTek routers by popular ISPs.”

The majority of those routers are used by small and medium-sized businesses, while 25 percent are residential and 3 percent are used in business environments. The worrying thing is that 38 percent of all these devices remain vulnerable to a similar set of vulnerabilities reported two years ago.

“While the scope of these findings exceeded expectations, it was not entirely surprising,” Vedere Labs said.

“DrayTek is among many vendors that [do] not appear to perform the necessary variant analysis and post-mortem analysis following vulnerability reports, which could lead to long-term improvements.”

You can read the full report here.
