DrayTek Patches 14 Vulnerabilities, Including Critical Buffer Overflow Flaws

DrayTek fixed 14 vulnerabilities in its routers, including critical buffer overflow flaws risking remote code execution and denial of service.


DrayTek recently patched 14 vulnerabilities affecting 24 router models, among them a critical buffer overflow that could allow remote code execution (RCE) or denial of service (DoS). The vulnerabilities were identified by Forescout Research's Vedere Labs and described in its "DRAY:BREAK" report; they comprise two critical flaws, nine high-severity flaws, and three medium-severity issues.

The most severe flaw, CVE-2024-41592, is a buffer overflow in the "GetCGI()" function of the web user interface, reached while parsing query string parameters; an attacker who can send crafted requests to the web UI could achieve remote code execution or crash the device. The other critical flaw, CVE-2024-41585, is an OS command injection in the "recvCmd" binary, which is used for communication between the host and guest operating systems and could therefore lead to a virtual machine escape. Forescout's internet scan found more than 700,000 DrayTek devices with their web interface exposed; nearly 38% of them are still vulnerable to flaws disclosed years ago because they run outdated firmware.
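The bug class behind the GetCGI() flaw is a query-string value copied into a fixed-size buffer without a length check. The following is an added illustration written for this page, not DrayTek's code and not a reproduction of the actual flaw: a minimal CGI parameter parser in the vulnerable style next to a bounded version that rejects over-long values. The buffer size, function names (get_param_unsafe, get_param_safe, param_value_len) and the query strings in main are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 32   /* hypothetical fixed-size destination buffer */

/* Locate the value of "name=" in a raw query string ("a=1&b=2").
 * Returns a pointer to the first byte of the value, or NULL if absent. */
static const char *find_value(const char *query, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return p + nlen + 1;
        p = strchr(p, '&');     /* skip to the next parameter */
        if (p)
            p++;
    }
    return NULL;
}

/* Length of a parameter's value (up to the next '&' or end of string);
 * 0 if the parameter is absent. Useful for checking input before copying. */
size_t param_value_len(const char *query, const char *name)
{
    const char *v = find_value(query, name);
    return v ? strcspn(v, "&") : 0;
}

/* VULNERABLE pattern: the value is copied into the caller's PARAM_MAX
 * buffer without comparing its length to the buffer size, so a value longer
 * than PARAM_MAX - 1 bytes writes past the end of the buffer (stack
 * corruption -> crash or code execution). Returns 0 on success, -1 if the
 * parameter is absent. Kept only to show the bug; never feed it untrusted input. */
int get_param_unsafe(const char *query, const char *name, char out[PARAM_MAX])
{
    const char *v = find_value(query, name);
    if (!v)
        return -1;
    size_t len = strcspn(v, "&");
    memcpy(out, v, len);        /* no bound check on len */
    out[len] = '\0';
    return 0;
}

/* HARDENED: the destination size travels with the pointer and is checked
 * before the copy. Over-long values are rejected rather than truncated, so
 * later code cannot act on a silently mangled parameter.
 * Returns 0 on success, -1 if absent, -2 if the value does not fit. */
int get_param_safe(const char *query, const char *name, char *out, size_t out_sz)
{
    const char *v = find_value(query, name);
    if (!v)
        return -1;
    size_t len = strcspn(v, "&");
    if (out_sz == 0 || len > out_sz - 1)
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed inputs: a benign request and one with a 200-byte value. */
    const char *benign = "page=status&lang=en";
    char buf[PARAM_MAX];
    if (get_param_safe(benign, "page", buf, sizeof buf) == 0)
        printf("page=%s\n", buf);

    char attack[256];
    snprintf(attack, sizeof attack, "page=%0200d", 0);
    printf("over-long value (%zu bytes): safe parser returned %d\n",
           param_value_len(attack, "page"),
           get_param_safe(attack, "page", buf, sizeof buf));
    return 0;
}
```

The hardened version takes the buffer size as a parameter rather than trusting an array-typed argument (which decays to a pointer and carries no size), and fails closed on oversize input; when auditing firmware web handlers, the question to ask of every parameter copy is exactly where that size comparison happens.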

Notably, less than 3% of the exposed devices run the latest firmware, and many still run version 3.8.9.2, which is over six years old. A significant share of these devices sit in business sectors such as healthcare and manufacturing and have not been updated despite vendor recommendations. To mitigate the risk, organizations using DrayTek routers should patch their devices to the latest firmware immediately. Remote access to the management interface should be disabled where it is not needed; where it is, enabling two-factor authentication and restricting access with Access Control Lists (ACLs) are essential.

Forwarding router syslog output to a central collector and monitoring it for unusual activity (unexpected logins, configuration changes, or reboots) helps detect and contain attacks early. Forescout's report stresses that outdated routers pose a serious threat: about 63% of the exposed devices are end-of-sale or end-of-life (EoL) models that will never receive a fix. Such devices are a prime target for attackers, as demonstrated by the addition of older DrayTek vulnerabilities to the Cybersecurity and Infrastructure Security Agency (CISA)'s Known Exploited Vulnerabilities catalog.

Although there is currently no evidence that these newly disclosed vulnerabilities are being exploited, the risk remains high given the long-standing pattern of recurring flaws in DrayTek devices and attackers' demonstrated interest in them. The security of DrayTek routers hinges on timely updates and the hardening measures above, especially in industries that rely on these devices for network access.

Cyber Security

DDOS Vulnerability

DrayTek routers

firmware

Forescout Research Labs

Network Security

Router vulnerability