DrayTek's Strong FY2024 Results & Critical Security Vulnerabilities
DrayTek reported impressive full-year 2024 results, showcasing a 52% revenue surge to NT$1.18 billion and a remarkable 121% jump in net income to NT$271.6 million. This translates to a healthy 23% profit margin and an EPS of NT$2.88, significantly up from the previous year. However, these positive financials are overshadowed by serious security concerns.
Significant Security Flaws Discovered
Recent research has uncovered critical vulnerabilities in several DrayTek Vigor router models, exposing them to remote code execution (RCE), denial-of-service (DoS) attacks, and credential theft. Eight CVEs highlight weaknesses in authentication, kernel modules, and protocol implementations. These vulnerabilities allow attackers to bypass security, execute malicious code, and potentially compromise entire networks. This impacts various models, including the Vigor165/166, Vigor2620/LTE200, and Vigor2860/2925, among others. Affected users are urged to immediately update their firmware to the latest available versions.
Ransomware Campaign Exploiting DrayTek Vulnerabilities
Adding to the concern, Forescout Technologies revealed a large-scale ransomware campaign targeting over 20,000 DrayTek Vigor devices in 2023, possibly leveraging zero-day vulnerabilities. This campaign involved multiple threat actors and resulted in significant incidents, including a supply-chain attack. The attack primarily targeted the 'mainfunction.cgi' web page, an endpoint whose vulnerabilities are present in older models. While some of these vulnerabilities were patched years ago, the persistence of this attack highlights the importance of regular firmware updates and robust security practices.
Mitigation and Recommendations
Immediate action is crucial. Users should prioritize updating their firmware, disabling unnecessary services like TR069 and STUN, and implementing network segmentation. Regular vulnerability scanning and proactive security measures are essential for mitigating these risks. The situation underscores the need for vendors to prioritize security and for users to demand transparent security practices from their equipment providers.