Just over a dozen new security vulnerabilities have been discovered in residential and corporate routers manufactured by DrayTek that could be used to hijack vulnerable devices.
“These vulnerabilities could allow attackers to take control of a router by injecting malicious code, allowing them to remain on the device and use it as a gateway to corporate networks,” according to a Forescout Vedere Labs technical report shared with The Hacker News.
Of the 14 security flaws, two are rated critical, nine are rated high, and three are rated moderate. The most severe of them has been assigned the maximum CVSS score of 10.0.
This is a buffer overflow bug in the “GetCGI()” function of the web UI that could lead to a denial of service (DoS) or remote code execution (RCE) when processing request string parameters.
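As an added illustration of the bug class behind the GetCGI() flaw (a fixed-size buffer receiving a request parameter whose length the request controls), here is a hypothetical CGI parameter parser in C with the vulnerable pattern beside a hardened one. It is not DrayTek's code and says nothing about how GetCGI() is actually written; the function names, the PARAM_MAX size and the sample query strings are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed buffer a CGI handler reserves for one parameter value.
   Assumed size for this illustration, not a DrayTek constant. */
#define PARAM_MAX 32

/* Find `name` in a query string such as "user=guest&page=7".
   On success returns a pointer to the value and stores its length in *len;
   returns NULL if the parameter is absent. Nothing is copied here. */
static const char *find_param(const char *query, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (*p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = plen - nlen - 1;
            return p + nlen + 1;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return NULL;
}

/* Vulnerable pattern: the value length comes from the request, the destination
   is fixed-size, and nothing compares the two. A value of PARAM_MAX bytes or more
   overruns `out`. Kept only to contrast with the hardened version below. */
int get_param_unsafe(const char *query, const char *name, char out[PARAM_MAX])
{
    size_t len;
    const char *v = find_param(query, name, &len);
    if (!v)
        return -1;
    memcpy(out, v, len);   /* BUG: no bound on len */
    out[len] = '\0';
    return 0;
}

/* Hardened version: an oversize value is rejected with a distinct error code
   (the handler can answer HTTP 400) rather than truncated or written past `out`. */
int get_param_safe(const char *query, const char *name, char out[PARAM_MAX])
{
    size_t len;
    const char *v = find_param(query, name, &len);
    if (!v)
        return -1;
    if (len >= PARAM_MAX)  /* no room for the value plus its terminator */
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Convenience wrappers so results can be checked without a caller-owned buffer. */
int param_status(const char *query, const char *name)
{
    char buf[PARAM_MAX];
    return get_param_safe(query, name, buf);
}

int param_equals(const char *query, const char *name, const char *expected)
{
    char buf[PARAM_MAX];
    return get_param_safe(query, name, buf) == 0 && strcmp(buf, expected) == 0;
}

/* Builds a constructed request carrying a 200-byte value (not captured traffic)
   and returns the hardened parser's verdict on it. */
int oversize_value_status(void)
{
    char query[5 + 200 + 1];
    memcpy(query, "page=", 5);
    memset(query + 5, 'A', 200);
    query[205] = '\0';
    return param_status(query, "page");
}

int main(void)
{
    char buf[PARAM_MAX];
    const char *benign = "user=guest&page=7";   /* constructed sample request */
    if (get_param_safe(benign, "page", buf) == 0)
        printf("benign request: page=%s\n", buf);
    printf("200-byte value: status %d (-2 means rejected)\n", oversize_value_status());
    return 0;
}
```

The defensive point is the single comparison `len >= PARAM_MAX`: the request decides how long the value is, so the copy must be bounded by the destination, not by the source, and a rejected request should surface as an error rather than silent truncation.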
The other critical vulnerability is an operating system (OS) command injection in the “recvCmd” binary used for communication between the host and the guest OS.
The remaining 12 flaws are listed below –
- Using the same administrator credentials across the entire system, resulting in a complete system compromise (CVSS Score: 7.5)
- A cross-site scripting (XSS) vulnerability has been identified in the web interface (CVSS score: 7.5)
- Stored XSS vulnerability in the web interface when customizing the user’s login welcome message (CVSS score: 4.9)
- Stored XSS vulnerability in the web interface when configuring a custom router name to display to users (CVSS score: 4.9)
- Reflected XSS vulnerability in the web interface login page (CVSS score: 4.9)
- Buffer overflow vulnerabilities in web interface CGI pages “/cgi-bin/v2x00.cgi” and “/cgi-bin/cgiwcg.cgi” leading to DoS or RCE (CVSS score: 7.2)
- Buffer overflow vulnerabilities in web interface CGI pages leading to DoS or RCE (CVSS score: 7.2)
- Stack buffer overflow vulnerability in web interface page “/cgi-bin/ipfedr.cgi” leads to DoS or RCE (CVSS score: 7.2)
- Multiple web interface buffer overflow vulnerabilities leading to DoS or RCE (CVSS Score: 7.2)
- Heap-based buffer overflow vulnerability in the ft_payloads_dns() function of the web interface leading to DoS (CVSS score: 7.2)
- An out-of-bounds read vulnerability in the web interface that leads to DoS or RCE (CVSS score: 7.2)
- An information disclosure vulnerability in the web server backend of the web interface that could allow a threat actor to perform an adversary-in-the-middle (AitM) attack (CVSS score: 7.6)
Forescout analysis found that more than 704,000 DrayTek routers have their web interface exposed to the Internet, making it a rich attack surface for attackers. Most of the exposed cases are in the US, followed by Vietnam, the Netherlands, Taiwan and Australia.
Following responsible disclosure, DrayTek released patches for all identified flaws, with the highest-rated vulnerability also being addressed in 11 end-of-life (EoL) models.
“Complete protection against the new vulnerabilities requires patching devices running the affected software,” Forescout said. “If your router has remote access enabled, turn it off when you don’t need it. Use access control lists (ACLs) and two-factor authentication (2FA) whenever possible.”
The development comes after cybersecurity agencies from Australia, Canada, Germany, Japan, the Netherlands, New Zealand, South Korea, the UK and the US released joint guidance for critical infrastructure organizations to help maintain a safe and secure operational technology (OT) environment.
The document, titled Cybersecurity Principles for Operational Technologies, lays out six key principles –
- Safety comes first
- Business knowledge is critical
- OT data is very valuable and needs to be protected
- Segment and separate the OT from all other networks
- The supply chain must be secure
- People are important to OT cyber security
“Rapidly filtering decisions to identify those that affect OT security will increase the adoption of reliable, informed and comprehensive decisions that promote safety, security and business continuity in the design, implementation and management of OT environments,” the agencies said.