• Over 700k DrayTek routers could be at risk from security threats

    From TechnologyDaily@1337:1/100 to All on Thu Oct 3 12:45:05 2024

    Date:
    Thu, 03 Oct 2024 11:30:00 +0000

    Description:
    Multiple vulnerabilities have recently been addressed, including one with a maximum severity rating.

    FULL STORY ======================================================================

    Networking gear manufacturer DrayTek has issued patches to address several vulnerabilities found in its residential and enterprise router line-up, including one with the maximum severity rating - 10/10.

    The company urged its users to apply the patch immediately, since the flaw
    can be abused to take over vulnerable devices and move further into the compromised network.

    According to the security advisory published with the patch, the critical-severity flaw is a buffer overflow bug in the GetCGI() function in the web user interface. It is tracked as CVE-2024-41592, and can be abused for either denial-of-service (DoS) attacks or remote code execution (RCE) when the function processes query string parameters. Since the vulnerability affects different devices - including some that are past their end-of-life date - users are advised to look for the corresponding version on the DrayTek resource page.

    700,000 flawed devices

    Research from Forescout claims there are just over 700,000 routers with
    their UI exposed to the internet, and thus at risk of an attack. The majority are located in the United States, with notable mentions including Vietnam, the Netherlands, Taiwan, and Australia.

    While certainly dangerous, the buffer overflow bug is not the only important vulnerability that the company addressed. In total, there were 14 vulnerabilities, collectively dubbed DRAY:BREAK. Two are rated critical, nine high, and three medium severity. The second critical vulnerability is tracked as CVE-2024-41585, and has a severity score of 9.1. It is an operating system (OS) command injection flaw in the recvCmd binary, used for communication between the host and guest OS.

    The entire list of the vulnerabilities can be found on this link.

    "Complete protection against the new vulnerabilities requires patching
    devices running the affected software," Forescout said. "If remote access is enabled on your router, disable it if not needed. Use an access control list (ACL) and two-factor authentication (2FA) if possible."

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/over-700k-draytek-routers-could-be-at-risk-from-security-threats


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)