14 DrayTek Router Vulnerabilities Uncovered, Including Critical Flaws

Cybersecurity researchers have discovered over a dozen new security vulnerabilities in residential and enterprise routers manufactured by DrayTek. These vulnerabilities could be exploited by attackers to take over susceptible devices.

The flaws, collectively referred to as DRAY, were detailed in a report by Forescout Vedere Labs, which was shared with The Hacker News. The report highlights that the vulnerabilities allow attackers to inject malicious code, enabling them to gain persistent access to the router and use it as a gateway into enterprise networks.

Out of the 14 vulnerabilities, two are rated critical, nine are rated high, and three are rated medium in severity. The most severe flaw, tracked as CVE-2024-41592, has been assigned a CVSS score of 10.0, the highest possible rating.

Critical Vulnerabilities in DrayTek Routers

The most critical vulnerability, CVE-2024-41592, is a buffer overflow bug in the GetCGI() function of the router's Web user interface (UI). It is triggered by manipulating query string parameters and can lead to a denial-of-service (DoS) or remote code execution (RCE).
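
To illustrate the bug class described above, here is an added, constructed example (not DrayTek's code, and not taken from the Forescout report): a CGI query-string lookup that copies a parameter value into a fixed 32-byte buffer without a length check, next to its hardened form. The function names `get_cgi_unsafe`, `get_cgi_safe` and the buffer size are assumptions for illustration only.

```c
#include <string.h>

/* Constructed example: a CGI query-string lookup of the kind the article attributes to
 * GetCGI(). Names and the 32-byte value buffer are assumptions, not DrayTek's code. */
#define VALUE_MAX 32

/* Find "key=" at a parameter start in "a=1&b=2"; set *val, return value length or -1. */
static long find_value(const char *query, const char *key, const char **val) {
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            *val = p + klen + 1;
            const char *end = strchr(*val, '&');
            return end ? (long)(end - *val) : (long)strlen(*val);
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return -1;
}

/* Vulnerable pattern: the value length is never checked against the destination buffer,
 * so an over-long parameter overruns it (the bug class behind CVE-2024-41592). */
int get_cgi_unsafe(const char *query, const char *key, char out[VALUE_MAX]) {
    const char *v; long n = find_value(query, key, &v);
    if (n < 0) return -1;
    memcpy(out, v, (size_t)n);          /* no bound check against VALUE_MAX */
    out[n] = '\0';
    return 0;
}

/* Hardened form: refuse values that do not fit and always NUL-terminate. */
int get_cgi_safe(const char *query, const char *key, char out[VALUE_MAX]) {
    const char *v; long n = find_value(query, key, &v);
    out[0] = '\0';
    if (n < 0) return -1;               /* key absent */
    if (n >= VALUE_MAX) return -2;      /* too long: reject rather than truncate */
    memcpy(out, v, (size_t)n);
    out[n] = '\0';
    return 0;
}

/* Self-check: a constructed 40-byte value is rejected (-2) by the hardened lookup. */
int check_overlong_rejected(void) {
    char query[64] = "id=7&name=", out[VALUE_MAX];   /* 10 bytes, then 40 'A's */
    memset(query + 10, 'A', 40);
    query[50] = '\0';
    return get_cgi_safe(query, "name", out);
}
```

The hardened version returns a distinct error for an over-long value instead of truncating, so the calling CGI handler can fail the request explicitly rather than proceed on partial input.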

Another critical flaw, CVE-2024-41585 (CVSS score: 9.1), involves operating system (OS) command injection in the recvCmd binary, which facilitates communication between the host and guest OS.

Additional Vulnerabilities

In addition to the critical flaws, 12 other vulnerabilities have been identified, including:

  1. CVE-2024-41589 (CVSS score: 7.5) - Use of the same admin credentials across the entire system, enabling complete system compromise.
  2. CVE-2024-41591 (CVSS score: 7.5) - Reflected cross-site scripting (XSS) vulnerability in the Web UI.
  3. CVE-2024-41587 (CVSS score: 4.9) - Stored XSS in the Web UI when configuring a custom greeting message.
  4. CVE-2024-41583 (CVSS score: 4.9) - Stored XSS in the Web UI when setting a custom router name.
  5. CVE-2024-41584 (CVSS score: 4.9) - Reflected XSS in the Web UI login page.
  6. CVE-2024-41588 (CVSS score: 7.2) - Buffer overflow in CGI pages leading to DoS or RCE.
  7. CVE-2024-41590 (CVSS score: 7.2) - Buffer overflow in CGI pages leading to DoS or RCE.
  8. CVE-2024-41586 (CVSS score: 7.2) - Stack buffer overflow in the ipfedr.cgi page leading to DoS or RCE.
  9. CVE-2024-41596 (CVSS score: 7.2) - Multiple buffer overflow vulnerabilities leading to DoS or RCE.
  10. CVE-2024-41593 (CVSS score: 7.2) - Heap-based buffer overflow in the ft_payloads_dns() function leading to DoS.
  11. CVE-2024-41595 (CVSS score: 7.2) - Out-of-bounds write vulnerability leading to DoS or RCE.
  12. CVE-2024-41594 (CVSS score: 7.6) - Information disclosure vulnerability allowing an attacker to perform an adversary-in-the-middle (AitM) attack.

Scope of the Issue

According to Forescout’s analysis, over 704,000 DrayTek routers have their Web UI exposed to the internet, making them attractive targets for malicious actors. The majority of these exposed devices are located in the U.S., followed by Vietnam, the Netherlands, Taiwan, and Australia.

Patches and Recommendations

DrayTek has released patches to address all identified vulnerabilities, including fixes for end-of-life (EoL) models affected by the most critical flaws.

To fully protect against these vulnerabilities, Forescout recommends patching all devices running the affected software. Additionally, users are advised to disable remote access to the router's management interface when it is not needed. Restricting management access with an access control list (ACL) and enabling two-factor authentication (2FA) add further protection.

Global Cybersecurity Guidance

The discovery of these vulnerabilities coincides with joint guidance issued by cybersecurity agencies from nine countries, including the U.S., Australia, Canada, Germany, and Japan. The document, titled "Principles of Operational Technology Cybersecurity," outlines six key rules for critical infrastructure organizations:

  1. Safety is paramount.
  2. Knowledge of the business is crucial.
  3. OT data must be protected.
  4. Segment and segregate OT from other networks.
  5. Secure the supply chain.
  6. People are essential for OT cybersecurity.

The agencies emphasized that quick decision-making that prioritizes security in OT environments will improve safety, security, and business continuity.

© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067