The Vulnerability Research team over at Trellix Threat Labs has identified a vulnerability affecting a number of DrayTek routers, commonly used by businesses in the UK.
It’s worth checking your comms cupboard to see if your model is affected, and taking the appropriate steps below to safeguard your network from intruders.
Vulnerability monitoring & firmware updates are included in our Managed IT solutions.
The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing.
A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources.
All the affected models have a patched firmware available for download on the vendor’s website.
The vulnerable devices are as follows:
The compromise of your router can lead to the following outcomes:
Failed attempts to compromise your router could lead to unexpected reboots of your router and loss of internet connectivity and other forms of network disruption.
We provide the following recommendations to those potentially affected by a vulnerable DrayTek router:
Upgrade your device to the latest firmware, which you can find on DrayTek’s website.
Verify that the VPN Access, port mirroring, DNS and any other settings haven’t been tampered with.
Disable web access to the management interface, unless absolutely necessary, and enable MFA and IP restrictions to minimise the risk of attack.
Change the password of affected devices and revoke any secret stored on the router that may have been leaked.