Risky Routers

DrayTek has released security updates for 24 router models to fix a number of vulnerabilities, including a severe remote code execution flaw that has been rated at the highest possible risk level. It is estimated that around 785,000 DrayTek routers might be affected, with more than 704,500 having their web interface exposed to the internet.

Forescout’s Vedere Labs found the 14 vulnerabilities. They reported that the DrayTek routers exposed to the flaws were mainly situated in Europe and Asia. With the vast majority of routers being used in businesses, this poses a significant risk. Any successful attack could cause major downtime, loss of customer trust, and possible fines.

The vulnerabilities affect both currently supported models and those that are no longer supported. However, due to the risks, DrayTek has provided fixes for both, with five key weaknesses requiring urgent attention:

  • A bug that can crash the router or allow remote control of it
  • A command injection flaw allowing hackers to run unauthorised commands
  • A weakness in security for internet connections that could expose information
  • A vulnerability that allows complete system access if admin credentials are stolen
  • A flaw that could allow hackers to inject malicious code.

Although there have been no reports of these flaws being actively exploited, users are urged to update their software immediately.

It is recommended that DrayTek users:

  • Disable remote access if it’s not needed or secure it with extra controls
  • Check settings for unauthorised changes
  • Turn off SSL VPN access on port 443
  • Enable system logging to detect suspicious activity
  • Always use secure (HTTPS) connections on their web browsers.

It’s also advised that users disable remote access to reduce the risk of attacks targeting these vulnerabilities.

Since DrayTek routers have been frequently targeted by attackers, it’s a timely reminder for businesses to adopt a proactive approach to protect against future threats. If you’re concerned about any such attack, whether you have a DrayTek router or not, feel free to get in touch for a friendly chat. We pride ourselves on supporting local (Crawley, Gatwick and the West Sussex region).