14 DrayTek vulnerabilities patched, including max-severity RCE flaw – Cyber Tech

DrayTek patched 14 vulnerabilities affecting 24 of its router models, including a maximum-severity buffer overflow flaw that could lead to remote code execution (RCE) or denial-of-service (DoS).

The two critical-, nine high- and three medium-severity DrayTek bugs were discovered by Forescout Research’s Vedere Labs and described in a report titled “DRAY:BREAK” published Thursday.

Shodan searches conducted by the researchers also revealed roughly 704,525 DrayTek devices exposed to the internet, despite vendor recommendations that the DrayTek web user interface only be accessible from within one’s local network. About 38% of these exposed devices, or more than 267,000 routers, are susceptible to similar years-old vulnerabilities, the report found.

DrayTek routers are widely used across various industries, including healthcare, manufacturing and government, and about 75% of the internet-exposed devices discovered are intended for business use, according to Forescout.

Additionally, less than 3% of the exposed devices had been updated to the latest DrayTek firmware version, and the most popular version found, 3.8.9.2, was released more than six years ago.

“To safeguard against these vulnerabilities, organizations must immediately patch affected DrayTek devices with the latest firmware. Disabling unnecessary remote access, implementing Access Control Lists and two-factor authentication, and monitoring for anomalies via syslog logging are all crucial steps,” Daniel dos Santos, head of security research at Forescout Research – Vedere Labs, said in a statement.

Multiple DrayTek flaws risk RCE, DoS, XSS

The most severe DrayTek bug discovered, tracked as CVE-2024-41492, is a buffer overflow vulnerability in the “GetCGI()” function of the DrayTek Vigor web UI. This flaw causes errors when processing query string parameters, which could allow for RCE or DoS by an unauthenticated attacker.

Another critical flaw, tracked as CVE-2024-41585, involves the “recvCmd” binary, which is used by the host operating system to communicate with the guest OS and vice versa. This binary is susceptible to OS command injection, which could also lead to virtual machine escape, the DRAY:BREAK report states.

Among the 14 vulnerabilities disclosed are nine high-severity bugs with CVSS scores ranging from 7.2 to 7.6, several of which could lead to DoS and RCE. One of the flaws, tracked as CVE-2024-41589, lies in the fact that the same admin credentials are used across the entire system, including both the host and guest OS, which could lead to full system compromise if these credentials are compromised.

Additionally, three medium-severity bugs with CVSS scores of 4.9 could enable cross-site scripting (XSS) due to insufficient input sanitization, allowing the injection of arbitrary JavaScript code under certain circumstances.

DrayTek has released fixed firmware versions for the affected devices, although 11 of the affected devices have already reached end-of-life (EoL) and thus only received fixes for the most severe flaw, CVE-2024-41502. The DRAY:BREAK report provides a full list of affected models and fixed versions; DrayTek did not appear to have a security advisory for these flaws published on its website as of Thursday afternoon.

EoL routers, old vulnerabilities often targeted by threat actors

Outdated, vulnerable routers pose an ongoing and serious threat to homes and businesses; Forescout says nearly two-thirds – 63% – of the internet-exposed DrayTek devices it found in its search were either end-of-sale or EoL. Businesses are encouraged to identify and replace any EoL devices to avoid exploitation of any unmitigated vulnerabilities.

While there is no indication that the 14 new vulnerabilities discovered by Forescout have been exploited in the wild, attackers are actively targeting DrayTek flaws, as shown by the addition of three DrayTek vulnerabilities to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog last month, including a critical four-year-old vulnerability added earlier this week.

The Forescout report also points out that several similar vulnerabilities, often affecting the same functions, have come up in various DrayTek devices and firmware versions over the past few years, suggesting a lack of variant analysis and post-mortem analysis after such vulnerabilities are reported and patched.

“Someone finding 14 new vulnerabilities at the same time likely tells you that in-depth vulnerability testing was not done by the vendor. The larger reality is that this same finding is likely true about the majority of internet-connected devices and this is just the one we’re reading about today,” Roger Grimes, data-driven defense evangelist at KnowBe4, said in an email to SC Media.
