A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.
“These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks,” Forescout Vedere Labs said in a technical report shared with The Hacker News.
Of the 14 security flaws, two are rated critical, nine are rated high, and three are rated medium in severity. The most critical of the shortcomings is a flaw that has been awarded the maximum CVSS score of 10.0.
It concerns a buffer overflow bug in the “GetCGI()” function in the Web user interface that could lead to a denial-of-service (DoS) or remote code execution (RCE) when processing the query string parameters.
Another critical vulnerability relates to a case of operating system (OS) command injection in the “recvCmd” binary used for communications between the host and guest OS.
The remain 12 flaws are listed below –
Forescout’s analysis found that over 704,000 DrayTek routers have their Web UI exposed to the internet, making it an attack-rich surface for malicious actors. A majority of the exposed instances are located in the U.S., followed by Vietnam, the Netherlands, Taiwan, and Australia.
Following responsible disclosure, patches for all the identified flaws have been released by DrayTek, with the max-rated vulnerability also addressed in 11 end-of-life (EoL) models.
“Complete protection against the new vulnerabilities requires patching devices running the affected software,” Forescout said. “If remote access is enabled on your router, disable it if not needed. Use an access control list (ACL) and two-factor authentication (2FA) if possible.”
The development comes as cybersecurity agencies from Australia, Canada, Germany, Japan, the Netherlands, New Zealand, South Korea, the U.K., and the U.S. issued joint guidance for critical infrastructure organizations to help maintain a safe, secure operational technology (OT) environment.
The document, titled “Principles of operational technology cybersecurity,” outlines six foundational rules –
“Quickly filtering decisions to identify those that impact the security of OT will enhance the making of robust, informed, and comprehensive decisions that promote safety, security and business continuity when designing, implementing, and managing OT environments,” the agencies said.