Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor. In early December 2019, researchers at the Network Security Research Lab of Chinese cybersecurity firm Qihoo 360 noticed that some DrayTek Vigor routers had been targeted in attacks exploiting a vulnerability which at the time had a zero-day status.
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploited two critical remote command injection vulnerabilities affecting DrayTek Vigor enterprise switches, load-balancers, routers and VPN gateway devices to eavesdrop on network traffic and install backdoors.
Nearly all of the 800,000+ DrayTek routers currently in operation are subject to an exploit allowing an attacker to change its DNS settings. Update your firmware now.
DrayTek has announced a security hole in its Vigor range of routers.
'It may be possible for an attacker to intercept your router' Taiwanese network kit maker DrayTek has 'fessed up to a vulnerability in a large number of its routers which could allow miscreants to...