Summary
On Friday 6/08/2022, 4U Computer Solutions was made aware by CertNZ of a new remote code execution (RCE) vulnerability affecting DrayTek routers.
Remote code execution attacks can be performed without user interaction if the management interface of the device has been configured to be internet-facing.
Exploitation of this vulnerability can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources.
At this stage CertNZ is not aware of active exploitation of this vulnerability.
However, once vulnerabilities of this calibre are made public, it is a matter of time before active exploitation begins to be seen.
Impact & Systems Affected
DrayTek routers whose management interface is internet-facing.
Devices where the affected service is not exposed externally are still vulnerable to a one-click attack from the local area network (LAN).
A full list of vulnerable devices can be found in DrayTek's Security Advisory here.
Mitigation
We have begun contacting all customers we have identified as possibly being at risk.
In response, we need to connect to your router and ensure that it is running the latest (and patched) firmware applicable to the specific model.
This attack can be easily mitigated by ensuring that the firmware is up to date on affected devices.
If you believe you are running a DrayTek router and have not been contacted by us, please call us immediately on 0800 48 2667 or click here.