{"id":57279,"date":"2024-10-02T22:57:40","date_gmt":"2024-10-02T22:57:40","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/"},"modified":"2024-10-02T22:57:40","modified_gmt":"2024-10-02T22:57:40","slug":"700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/","title":{"rendered":"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking"},"content":{"rendered":"<p>Fourteen newly found bugs in DrayTek Vigor routers \u2014 including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating \u2014 could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.<\/p>\n<p>It&#8217;s estimated 785,000 of these devices are operating Wi-Fi networks.<\/p>\n<p>Most of the vulnerabilities are in the routers&#8217; web-based user interface, so if a miscreant can reach that service on the local network or over the public internet, they can exploit the holes to take control of the box, and then launch other attacks on connected machines.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Despite Draytek&#8217;s warning that these Vigor routers&#8217; control panels should only be accessible from a local network, Forescout Research&#8217;s Vedere Labs <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.forescout.com\/resources\/draybreak-draytek-research\/\">found<\/a> [PDF] more than 704,000 DrayTek boxes exposing their web interface to the public internet, ready and ripe for exploitation. Most of these (75 percent) are used by businesses, we&#8217;re told.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Plus: 38 percent of the vulnerable devices remain susceptible to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.trellix.com\/blogs\/research\/rce-in-dratyek-routers\/\">similar flaws<\/a> that Trellix warned about two years ago.<\/p>\n<blockquote class=\"pullquote\" readability=\"7\">\n<p>DrayTek vulnerabilities have been consistently exploited by threat actors, especially by Chinese APTs<\/p>\n<\/blockquote>\n<p>The 14 freshly found vulnerabilities affect 24 models, some of which are end-of-life and end-of-sale. But because of the severity of the flaws, Taiwan-based DrayTek has <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.draytek.com\/support\/resources\/routers#version\">issued patches<\/a> for all 14 CVEs across both supported and end-of-life routers.<\/p>\n<p>There are also some steps users should take to determine whether their device has already been compromised as well as general best practices to limit exploitation in future of similar bugs.<\/p>\n<p>These include disabling remote access capabilities when they are not required, making it more difficult for someone afar to reach the web user interface. And if these capabilities are necessary, turn on two-factor authentication and implement access control lists to limit that remote access.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Additionally, network segmentation, strong passwords, and device monitoring are always good ideas, especially considering how nation-state gangs are targeting routers in their attacks.<\/p>\n<p>\u201cOver the past six years, DrayTek vulnerabilities have been consistently exploited by threat actors, especially by Chinese APTs,\u201d Elisa Costante, Forescout VP of research told <em>The Register<\/em>, referring to advanced persistent threats.<\/p>\n<p>Just last month, the FBI said <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.ic3.gov\/Media\/News\/2024\/240918.pdf\">Chinese government spies<\/a> [PDF] had exploited three CVEs in DrayTek routers to build a <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/09\/18\/fbi_flax_typhoon_ransomware\/\" rel=\"noopener\">260,000-device botnet<\/a>. And prior to that America&#8217;s CISA <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/09\/03\/cisa-adds-three-known-exploited-vulnerabilities-catalog\">added<\/a> two DrayTek flaws to its catalog of known exploited vulnerabilities.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>In total, the security shop \u201crecorded 130 instances of DrayTek-related attacks, including logins and exploits, between 2023 and 2024,\u201d Costante added.<\/p>\n<h3 class=\"crosshead\">Exploit example<\/h3>\n<p>The bug hunters at Vedere Labs this week published a proof-of-concept exploit that chains two of the newly found vulnerabilities, an OS command injection vulnerability (CVE-2024-41585) and a buffer overflow bug (CVE-2024-41592), that allowed them to gain remote, root access to the host OS on vulnerable equipment, at which point it&#8217;s game over.<\/p>\n<p>CVE-2024-41592 was rated a maximum 10 out of 10 in severity. It exists in the GetCGI() function in the web user interface, which is responsible for retrieving HTTP request data. This function is vulnerable to a buffer overflow when processing the query string parameters, and can be abused by an unauthenticated user to achieve remote code execution or cause a denial of service.<\/p>\n<p>Meanwhile, CVE-2024-41585 is a similarly critical flaw that affects the recvCmd binary in the firmware, used to communicate between the host OS and a guest OS. These routers split their operation between an underlying host operating system, and a guest on top that&#8217;s usually <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.draytek.com\/about\/why-vigor-router\/\">DrayOS<\/a>. The binary is vulnerable to command injection attacks, in that the guest OS can exploit the hole to run arbitrary commands on the host, and received a 9.1 CVSS score.<\/p>\n<p>Thus anyone who can reach the web interface of a vulnerable device can exploit CVE-2024-41592 to achieve code execution in the guest OS that runs the web interface service, and then use CVE-2024-41585 to take control of the underlying host OS and thus the whole device \u2013 remote, root host access.<\/p>\n<p>The other 12 newly discovered bugs have medium and high severity scores.&nbsp;<\/p>\n<p>In its report, out this week, Vedere Labs explains how an attackers could pull off all sorts of criminal acts by exploiting these vulnerabilities.&nbsp;<\/p>\n<p>This includes espionage: By deploying a rootkit that survives reboots and firmware updates, and then using that access to spy on network traffic for credential harvesting and data exfiltration. Compromising the devices&#8217; VPN and SSL\/TLS functionality could allow for man-in-the-middle attacks.<\/p>\n<p>Or, upon breaking into one of the buggy routers, criminals could pivot to other connected devices on the local network and then deploy ransomware, launch denial of service attacks, or build a botnet along the lines of Flax Typhoon.<\/p>\n<div class=\"boxout\" readability=\"32\">\n<p><strong>A list of affected models:<\/strong> Vigor1000B, Vigor2962, Vigor3910, Vigor3912, Vigor165, Vigor166, Vigor2135, Vigor2763, Vigor2765, Vigor2766, Vigor2865, Vigor2866, Vigor2915, Vigor2620, VigorLTE200, Vigor2133, Vigor2762, Vigor2832, Vigor2860, Vigor2925, Vigor2862, Vigor2926, Vigor2952, and Vigor3220.<\/p>\n<\/div>\n<p>\u201cAdditionally, some vulnerable devices, such as the 3910 and 3912 series, support high download\/upload speeds (up to 10 Gigabit), and feature a quad-core CPU, ample RAM and SSD storage,\u201d Costante told us, noting that with these features the devices \u201cmore closely resemble small servers.\u201d<\/p>\n<p>\u201cThese more capable routers could easily be used as command-and-control servers to attack other victims and obfuscate the origin of an attack,\u201d she warned.<\/p>\n<p>DrayTek did not immediately respond to <em>The Register<\/em>&#8216;s inquiries. We will update this story if and when we hear back from the networking gear manufacturer. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/10\/02\/draytek_routers_bugs\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With 14 serious security flaws found, what a gift for spies and crooks Fourteen newly found bugs in DrayTek Vigor routers \u2014 including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating \u2014 could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-57279","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-02T22:57:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking\",\"datePublished\":\"2024-10-02T22:57:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/\"},\"wordCount\":915,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/\",\"name\":\"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-10-02T22:57:40+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/","og_locale":"en_US","og_type":"article","og_title":"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-10-02T22:57:40+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking","datePublished":"2024-10-02T22:57:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/"},"wordCount":915,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/","url":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/","name":"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-10-02T22:57:40+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zv4CadrreA9GPcD1zgQCqAAAAEA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/700k-draytek-routers-are-sitting-ducks-on-the-internet-open-to-remote-hijacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57279"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57279\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}