"Over 200,000 DrayTek Routers Vulnerable to Total Device Takeover"

More than 200,000 DrayTek routers are vulnerable to a serious vulnerability, which could expose businesses to network breaches. The DrayTek Vigor 3910 is currently vulnerable to total compromise by threat actors, and it is especially vulnerable if it has an Internet-facing management interface. Researchers at the cybersecurity firm Trellix discovered the flaw in the model, as well as in 28 other DrayTek devices that share the same code base. They emphasized that there are currently no examples of threat actors exploiting the vulnerability in the wild. The researchers have warned businesses that when routers are compromised, they expose a network to the possibility of intellectual property theft, stolen passwords, data breaches, or ransomware attacks. DrayTek is a Taiwanese manufacturer of routers for 'SoHo' small and medium businesses (SMBs), with their products often being used to provide Virtual Private Network (VPN) access to remote-working employees. Threat actors can exploit the management interface of the affected routers by entering a Base64 encoded string as the username and password when prompted, thus causing a buffer overflow on its login page and allowing the router's 'DrayOS' to be taken over. The attack can be carried out through the router's Local Area Network (LAN). It can also be performed remotely over the Internet if the router's management interface is configured to be Internet-facing. The researchers have issued a number of recommendations, including keeping firmware up to date, avoiding exposing the management interface to the Internet if possible, and changing the password on any affected devices. This article continues to discuss the potential exploitation and impact of the critical vulnerability in DrayTek Vigor routers. 

ITPro reports "Over 200,000 DrayTek Routers Vulnerable to Total Device Takeover"