Thursday, August 4, 2022

Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers


As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network.

“The attack might be carried out without user interaction if the management interface of the device has been configured to be internet facing,” Trellix researcher Philippe Laulheret said. “A one-click attack can be carried out from within the LAN in the default device configuration.”

Filed under CVE-2022-32548, the vulnerability has received the maximum severity rating of 10.0 on the CVSS scoring system, because it allows an adversary to seize complete control of the routers.


At its core, the shortcoming is the result of a buffer overflow flaw in the web management interface (“/cgi-bin/wlogin.cgi”), which can be weaponized by a malicious actor by supplying specially crafted input.

“The consequence of this attack is a takeover of the so-called ‘DrayOS’ that implements the router functionalities,” Laulheret said. “On devices that have an underlying Linux operating system (such as the Vigor 3910) it’s then possible to pivot to the underlying operating system and establish a reliable foothold on the device and local network.”


Over 200,000 devices from the Taiwanese manufacturer are said to have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited.

The breach of a network appliance such as the Vigor 3910 could not only leave a network open to malicious actions such as credential and intellectual property theft, botnet activity, or a ransomware attack, but also cause a denial-of-service (DoS) condition.


The disclosure comes a little over a month after it emerged that routers from ASUS, Cisco, DrayTek, and NETGEAR are under attack from a new malware called ZuoRAT targeting North American and European networks.

While there are no signs of exploitation of the vulnerability in the wild so far, it is recommended to apply the firmware patches as soon as possible to secure against potential threats.

“Edge devices, such as the Vigor 3910 router, live on the boundary between internal and external networks,” Laulheret noted. “As such they’re a prime target for cybercriminals and threat actors alike. Remotely breaching edge devices can lead to a full compromise of the companies’ internal network.”


