According to TechRadar, hundreds of thousands of DrayTek routers, including many used in Vietnam, are at risk due to serious security vulnerabilities. Among these, one flaw has been rated as the most critical.
DrayTek, a network equipment manufacturer, recently released emergency patches for 14 newly discovered security vulnerabilities in its routers. The most notable is a buffer overflow vulnerability (CVE-2024-41592) in the web user interface, which allows remote attackers to gain control of the device. Attackers can launch denial-of-service (DoS) attacks or achieve remote code execution (RCE). This vulnerability has been given a severity rating of 10/10.
More than 700,000 DrayTek routers affected
A study by Forescout revealed that over 700,000 DrayTek routers globally are at risk due to this flaw. The United States has the largest number of affected devices, followed by Vietnam, the Netherlands, Taiwan and Australia.
In addition to CVE-2024-41592, DrayTek has also released patches for 13 other vulnerabilities, including another critical flaw (CVE-2024-41585) that allows malicious code injection into the operating system. These vulnerabilities are collectively referred to as DRAY.
DrayTek urges users to update their devices with the patches as soon as possible. Users are also advised to disable remote access if it is not needed and to implement access control lists (ACLs) along with two-factor authentication (2FA) to enhance security. Forescout emphasized the importance of software updates and security measures to mitigate risks.
Source: Thanhnien.vn