Vulnerabilities in DrayTek Enterprise Routers Exploited in Attacks

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor.


DrayTek is a Taiwan-based manufacturer of networking equipment, including routers, firewalls, broadband customer premises equipment (CPE), and VPN devices.


In early December 2019, researchers at the Network Security Research Lab of Chinese cybersecurity firm Qihoo 360 noticed that some DrayTek Vigor routers had been targeted in attacks exploiting a vulnerability that was still a zero-day at the time. On January 28, the researchers then noticed that a second zero-day flaw affecting DrayTek Vigor routers was being exploited in attacks by a different threat group.


The vulnerabilities, tracked as CVE-2020-8515, can be exploited for command injection and they are related to the rtick and keyPath fields. Qihoo 360 researchers disclosed technical details about the flaws and the attacks on Friday.
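As an added example (not from the article, Qihoo 360 or DrayTek), the scanner below flags requests whose rtick or keyPath parameters carry shell metacharacters, the residue a command-injection attempt against those fields would leave in a reverse-proxy or web-server log in front of the device. The log format, the endpoint path and the log lines are constructed for the example, not the routers' real ones.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The two request fields named in the Qihoo 360 write-up.
WATCHED_FIELDS = ("rtick", "keyPath")
# Characters and sequences that let a parameter value escape into a shell command line.
SHELL_META = re.compile(r"[;&|`\n]|\$\(|\$\{")
# Constructed log format (assumption, not a DrayTek format):
#   client "METHOD path?query HTTP/x.y" status body="urlencoded-form-body"
LOG_RE = re.compile(r'^(\S+) "(\w+) (\S+) HTTP/[\d.]+" (\d{3}) body="([^"]*)"$')


def suspicious_params(url: str, body: str) -> dict:
    """Return {field: value} for watched fields, in the query string or the
    form body, whose value contains shell metacharacters."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for field, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(field, []).extend(values)
    return {f: v for f in WATCHED_FIELDS for v in params.get(f, [])
            if SHELL_META.search(v)}


def scan_log(lines) -> list:
    """Return (client, method, field, value) for every parseable log line
    with a suspicious watched field; malformed lines are skipped, not fatal."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        client, method, url, _status, body = m.groups()
        for field, value in suspicious_params(url, body).items():
            findings.append((client, method, field, value))
    return findings


# Constructed sample log: one benign login, one keyPath injection attempt,
# one rtick attempt via the query string, and metacharacters in an unwatched field.
SAMPLE_LOG = [
    '203.0.113.5 "POST /cgi-bin/EXAMPLE.cgi HTTP/1.1" 200 body="action=login&rtick=1580000000&keyPath=%2Ftmp%2Fkey"',
    '203.0.113.5 "POST /cgi-bin/EXAMPLE.cgi HTTP/1.1" 200 body="action=login&rtick=1580000000&keyPath=%27%3Btrue%3B%27"',
    '198.51.100.9 "GET /cgi-bin/EXAMPLE.cgi?rtick=1%7Ctrue HTTP/1.1" 200 body=""',
    '198.51.100.9 "POST /cgi-bin/EXAMPLE.cgi HTTP/1.1" 200 body="username=a%3Bb&keyPath=ok"',
]

if __name__ == "__main__":
    for client, method, field, value in scan_log(SAMPLE_LOG):
        print("suspicious %s from %s: %s=%r" % (method, client, field, value))
```

Only the two watched fields are inspected, so the `username=a;b` line is deliberately not reported; widen `WATCHED_FIELDS` if you want a broader metacharacter sweep.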


Qihoo 360 unsuccessfully attempted to notify DrayTek of the attacks exploiting the first vulnerability in early December. However, the vendor said it only became aware of the flaws and exploitation attempts on January 30, after another researcher independently discovered one of the vulnerabilities. DrayTek patched the security holes on February 6 with the release of firmware version 1.5.1.


According to DrayTek, the flaws impact its Vigor300B load balancing routers, its Vigor2960 VPN gateways, and its Vigor3900 routers. The Vigor3900 routers have been discontinued, but the vendor has still released patches for these devices.


“If you have remote access enabled on your router, disable it if you don't need it, and use an access control list if possible. If you have not updated the firmware yet, disable remote access (admin) an ..
