Forescout Technologies has found more than a dozen vulnerabilities, including critical flaws that can allow remote hacking, in routers made by Taiwanese networking equipment maker DrayTek.
Collectively tracked as DRAY:BREAK, the 14 vulnerabilities impact two dozen DrayTek Vigor router models. The vendor has developed firmware patches for all of the security holes, but half of the impacted routers have reached end of life and will not receive fixes.
On the other hand, many of the owners of these devices don’t seem to pay any attention to patching, with nearly 40% of the routers seen by Forescout still being impacted by vulnerabilities found years ago, including flaws that are known to have been exploited in the wild.
Forescout has identified more than 700,000 internet-exposed DrayTek routers, a majority in Europe and Asia. Nearly three-quarters of these routers are used commercially and 63% are no longer sold or supported.
It’s unclear exactly how many of the 700,000 devices are exposed to attacks due to the recently found vulnerabilities, but Forescout believes hundreds of thousands are vulnerable.
Most of the DrayTek router vulnerabilities found by the cybersecurity firm have been assigned ‘critical’ or ‘high’ severity ratings. The most serious of them can be exploited to remotely take full control of devices.
“Since the new vulnerabilities allow attackers to take full control of routers, which are perimeter devices that sit at the edge between internal and external networks, they open up numerous possible attack scenarios,” Forescout warned.
According to the company, the vulnerabilities can be exploited for espionage or data exfiltration by deploying rootkits that survive reboots and firmware updates, or by intercepting network traffic in order to harvest credentials and other sensitive information.
Threat actors could also leverage these flaws to move to other devices on the victim’s internal network, which can be useful for deploying ransomware or causing damage. Attackers could also leverage compromised routers for botnets that enable DDoS attacks, cryptocurrency mining, and proxying traffic.
“High-performance routers, such as the Vigor3910, could even be repurposed as command-and-control (C2) servers, enabling attackers to launch further attacks on other victims,” Forescout explained.
Related: SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers
Related: D-Link Patches Critical Router Vulnerabilities
Related: D-Link Warns of Code Execution Flaws in Discontinued Router Model
Related: Hackers Target Vulnerability Found Recently in Long-Discontinued D-Link Routers
