High-end router flinger DrayTek admits to zero day in bunch of Vigor kit

'It may be possible for an attacker to intercept your router'


Taiwanese network kit maker DrayTek has 'fessed up to a vulnerability in a large number of its routers which could allow miscreants to hijack internet traffic or steal personal data.

The flaw means attackers could remotely alter DNS settings on 28 Vigor model routers. DrayTek has released a series of firmware updates addressing the issue.

Users have complained about the problem for the last week on the AbuseIPDB forum. One noted the zero-day attack had infiltrated their servers, CRM and workstations.

"We now cannot log in as it is obvious this zero-day attack has changed our passwords including our VPN accounts [that] our remote users use to log in to the environment."

DrayTek routers are considered high end in the UK – retailing at around £200, more than twice the price of garden-variety alternatives – and are mostly used by businesses. In 2015, BT's Openreach accredited DrayTek for use of its very-high-bit-rate digital subscriber line 2 (VDSL2) fibre-to-the-cabinet products.

One business customer, who discovered his router was open to the vulnerability, told El Reg: "DrayTek routers are really expensive compared with other makes, they have an awful lot of features on them and this is the first known exploit I've come across."

In a statement, the company said:

We have become aware of security reports with DrayTek routers related to the security of web administration when managing DrayTek routers.

In some circumstances, it may be possible for an attacker to intercept or create an administration session and change settings on your router.

The reports appear to show that DNS settings are being altered. Specific improvements have been identified as necessary to combat this and we are in the process of producing and issuing new firmware. You should install that as soon as possible.

Until you have the new firmware installed, you should check your router's DNS settings on your router and correct them if changed (or restore from a config backup).

A survey by Broadband Genie recently found the vast majority of punters are potentially leaving themselves exposed by failing to change the password and security setting on their routers. ®
