Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
Briefly

Forescout Vedere Labs reported 14 security vulnerabilities in DrayTek routers that carry risks of remote code execution and denial-of-service attacks, leaving the devices highly exploitable.
Two of the vulnerabilities are rated critical, with a maximum CVSS score of 10.0; they include a severe buffer overflow in the Web UI's 'GetCGI()' function that risks denial-of-service.
Identical admin credentials used across the router system can lead to a complete system takeover, a significant weakness in DrayTek's security posture.
Various reflected and stored XSS vulnerabilities in the Web UI have been identified, exposing customers to additional risks when interacting with the router settings and configurations.
Read at The Hacker News