Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Zotac Gaming GTX 1650 Super review
Radeon Adrenalin 2020 Edition Driver Overview
Guru3D Winter 2019 PC Buyer Guide
Corsair QL120 and QL140 RGB fan review
Promo: Windows 10 Pro for $13 With Office 2016 For $33
Corsair Void RGB Elite Wireless Headset review
Team Group PD400 Portable SSD review
AMD Athlon 3000G review
Team Group T-Force Delta Max 1 TB SSD review
Guru3D Rig of the Month - November 2019

New Downloads
PCMark 10 Download v2.0.2153
AMD Radeon Adrenalin Edition 19.12.2 driver download
GeForce 441.66 WHQL driver download
CPU-Z download v1.91
GPU-Z Download v2.28.0
3DMark Download v2.11.6846 + Port Royale
HWiNFO64 Download v6.20
AMD Radeon Adrenalin Edition 19.12.1 driver download
Crystal DiskMark Download v7.0.0f
AMD Ryzen Master Utility Download v2.1.0.1424


New Forum Topics
RX Vega Owners Thread, Tests, Mods, BIOS & Tweaks ! (cont.) AMD Radeon Adrenalin Edition 19.12.2 driver download & discussion Fine Utilise Power of RadeonPRO Software & SweetFX Part 2 Guru3D 2019 December 11th contest: Win an ASUS ROG Crosshair VIII Formula (AMD X570) Will Nvidia ever offer more modern Post-AA in their control panel beyond just FXAA? Bizarre issue I can't figure out Radeon Adrenalin 2020 Edition Driver Overview Are we ever going to get a new NVIDIA CONTROL PANEL ??? 5700XT Overclocking Thread ASUS X370 Open Letter/Feedback Status Log




Guru3D.com » News » Over 700.000 DrayTek routers suffer from zero-day attack

Over 700.000 DrayTek routers suffer from zero-day attack

by Hilbert Hagedoorn on: 05/21/2018 07:20 AM | source: | 1 comment(s)
Over 700.000 DrayTek routers suffer from zero-day attack

DrayTek has issued a warning on their website, their vigor routers are susceptible for hacking attempts where the DNS settings of DrayTek routers are changed due to a vulnerability. Once the DNS is changed, attackers will intercept traffic and automatically redirect victims to malicious websites. 

More than 700,000 devices are potentially affected. DrayTek states it found out about the attacks this month. The attacks are only against web-enabled devices and the attacks appear to work even if the remote access functionality of the router is disabled. Although DrayTek states it won’t provide further details, the attack is likely similar to similar attacks against routers of other vendors. Similar to other attacks, the attackers are very likely able to change the DNS settings through a so-called CSRF attack. This means the attackers change the settings without entering the control panel, reports myce:

The DNS is changed to a DNS server under control of the attackers. That gives them pretty much full control over the user’s internet connection. They can e.g. log which websites the victim visits, redirect victims to fake banking websites, hijack search queries and inject advertisements on websites.

While DrayTek is working on a firmware update, the company recommends users to check the DNS and DHCP settings of their router, disable remote access at least until a patch is available, make sure the connection to your router is encrypted (address starts with HTTPS://) and to report anything suspicious to the company. If the DNS and DHCP settings have been changed by the attackers, DrayTek advises to restore a backup or to check and correct the settings. DrayTek also advises checking that no other admin users have been added and recommends to read their CSRF explanation page.

The majority of the affected devices will likely be from DrayTek’s Vigor series which consists of mainly routers and/or DSL modems.  Device tracking service Shodan reports there are about 790,000 DrayTek Vigor devices connected to the internet of which about 260,000 are in the United Kingdom and about 140,000 are in the Netherlands. Other countries where DrayTek Vigor products are widely in use are Vietnam, Germany and Taiwan.

Because DrayTek has not released a patch for the issue and because it’s already exploited in the wild, the attacks are now regarded as so-called zero day attacks.



Over 700.000 DrayTek routers suffer from zero-day attack




Rate this story
Rating:

« Steam Steam Weekly Top Selling Titles May 21st 2018 · Over 700.000 DrayTek routers suffer from zero-day attack · NZXT H700i Ninja Edition »

Inquisitor
Senior Member



Posts: 109
Joined: 2013-10-19

#5548845 Posted on: 05/21/2018 10:25 PM
It's OK, we only have about a few hundred of these at our customer sites :eek:

Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2019