GreyNoise reports DrayTek routers actively attacked using old vulnerabilities
Take action: If you are running DrayTek routers, time to start patching IMMEDIATELY! DrayTek routers are actively exploited with multiple flaws, including some very old ones. Don't delay this one!
GreyNoise Intelligence has reported significant in-the-wild exploitation activity targeting several known vulnerabilities in DrayTek router devices globally.
While a direct connection between this activity and recently reported widespread reboots affecting DrayTek routers can't be confirmed, GreyNoise's Global Observation Grid (GOG) has detected exploitation attempts against the following vulnerabilities:
- CVE-2020-8515 (CVSS score 9.8) - A remote code execution vulnerability affecting multiple DrayTek router models. This vulnerability allows attackers to execute arbitrary code on affected devices.
- Top targeted countries (by session count) in the past week: Indonesia, Hong Kong, United States
- CVE-2021-20123 (CVSS score 7.5) - A directory traversal vulnerability in DrayTek VigorConnect, potentially allowing attackers to access unauthorized files.
- CVE-2021-20124 (CVSS score 7.5) - A second directory traversal vulnerability in DrayTek VigorConnect.
- Top targeted countries (by session count) in the past week: Lithuania, United States, Singapore
GreyNoise recommends that organizations patch their routers and block identified malicious IP addresses.