UK telcos including BT at risk from DrayTek router vulnerabilities

Several major communications services providers in the UK were found to be at risk from a series of vulnerabilities in DrayTek’s Vigor router devices. Forescout disclosed the vulnerabilities on October 2nd; the affected providers include Daisy Communications, Gamma Telecom, Zen Internet, and even BT.

DrayTek released patches for all 14 vulnerabilities before the disclosure. However, Forescout reported that over 704,000 routers were still exposed online at the time of disclosure. Given the FBI's recent takedown of a botnet involving DrayTek assets, there is a significant risk of downstream compromises.

Forescout’s researchers highlighted that 75% of the vulnerable devices were being used in commercial settings. They emphasized the severe implications for business continuity and reputation, with potential downtime, loss of trust, and regulatory penalties.

The vulnerabilities varied in severity and impact, ranging from full system compromise to denial of service attacks and remote code execution. The most critical vulnerability, CVE-2024-41592, could lead to DoS and RCE, allowing threat actors to gain remote root access and perform malicious activities.

Further analysis by Censys revealed that the exposed DrayTek Vigor devices were predominantly located in the UK, Vietnam, the Netherlands, and Taiwan. In the UK, Gamma Telecom, BT, Daisy Communications, and Zen Internet had the highest numbers of vulnerable hosts.

Operators of the affected Vigor routers have been advised to patch their firmware immediately and restrict administrative web UIs from public access. BT confirmed they are working on remediations, while other affected organizations named by Censys did not respond to requests for comment.

FBI operation

In September 2024, the FBI conducted an operation against threat actors exploiting DrayTek’s devices as well as products from other suppliers. This operation targeted a China-based company linked to state-backed threat actor Flax Typhoon, known for its intelligence-gathering activities.

The Flax Typhoon APT group, active since 2021, primarily targets networks in Taiwan but has also been observed in other regions. It focuses on government bodies, educational institutions, and various organizations worldwide.
