Serious vulnerability discovered in DrayTek routers

A vulnerability in 29 DrayTek routers could be exploited to take control of the device and access shared resources.

Trellix experts have identified a serious vulnerability in 29 DrayTek routers that could be exploited to take control of the device and perform various types of cyber attacks. The Taiwanese manufacturer promptly released new firmware, so users should install the update right away to avoid risks.

Bugs in DrayTek routers: patch available

DrayTek routers are widely used because they allow companies to offer employees an easy way to access the VPN. Starting from an analysis of the Vigor3910 model, Trellix experts discovered a remote code execution (RCE) vulnerability, tracked as CVE-2022-32548, that also affects 28 other routers. The bug could be exploited by cybercriminals to take control of the device and access shared resources on the local network. During the research, more than 200,000 vulnerable routers reachable from the Internet were identified.

The vulnerability is present in the management web interface. Supplying a particular string as the username or password can cause a buffer overflow and give the attacker control of the DrayOS operating system. An attacker could then steal sensitive data stored in the router, access shared resources on the network, carry out man-in-the-middle attacks, intercept DNS requests, capture packets on every port of the router, and use the device as a bot for DDoS attacks.