Now-patched RCE bug impacts dozens of DrayTek Vigor router models.
A critical security vulnerability impacting DrayTek Vigor routers could allow unauthenticated attackers to gain full access to victim networks.
The flaw affects the Taiwanese hardware manufacturer’s popular Vigor 3910 router, along with nearly 30 other models that share the same codebase.
200,000 exposed devices
The DrayTek router vulnerability was discovered by researchers from Trellix, who found that by triggering a buffer overflow in the web management interface, they could take over the underlying DrayOS.
“During our research we uncovered over 200,000 devices which have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited,” Trellix security researcher Philippe Laulheret writes in a technical blog post.
Exploiting this vulnerability can lead to a complete compromise of the device and can enable a malicious actor to access internal resources of the breached networks.
Failed exploitation attempts can lead to device reboot, denial of service, and other abnormal behavior.
A security advisory released yesterday (August 4) includes the full list of impacted router models.
“Our standard best practice recommendation is to always keep firmware up to date, but we recommend that you check that affected units are running at least the firmware version [listed],” the vendor said.
As outlined in an accompanying CERT NZ advisory this week, there has been no evidence to indicate that this vulnerability has been exploited in the wild.
“However, we strongly recommend you investigate and patch any DrayTek devices on your network as soon as possible to prevent them from being compromised,” the advisory reads.
Greg Fitzgerald, co-founder of Sevco Security, said: “Identifying and patching the known routers is a must, but organizations will still be vulnerable if there are abandoned devices connected to the network that are affected.”
Daily Swig has asked the researchers if they have seen a reduction in the number of exposed devices since the fixes were pushed out. This article will be updated when fresh information comes to hand.
The Trellix team will release more details about how the vulnerability was discovered and exploited in an upcoming presentation at Hexacon in France on October 14-15.