{"id":57291,"date":"2024-10-03T13:22:48","date_gmt":"2024-10-03T13:22:48","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36424\/14-DrayTek-Vulns-Patched-Including-RCE-Flaw.html"},"modified":"2024-10-03T13:22:48","modified_gmt":"2024-10-03T13:22:48","slug":"14-draytek-vulns-patched-including-rce-flaw","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/","title":{"rendered":"14 DrayTek Vulns Patched, Including RCE Flaw"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2024\/10\/AdobeStock_422696210.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>DrayTek patched 14 vulnerabilities affecting 24 of its router models, including a maximum severity buffer overflow flaw that could lead to remote code execution (RCE) or denial-of-service (DoS).<\/p>\n<p>The two critical-, nine high- and three medium-severity DrayTek bugs were discovered by Forescout Research\u2019s Vedere Labs and described in <a href=\"https:\/\/www.forescout.com\/resources\/draybreak-draytek-research\/\" target=\"_blank\" rel=\"noreferrer noopener\">a report titled \u201cDRAY:BREAK\u201d<\/a> published Thursday.<\/p>\n<p>Shodan searches conducted by the researchers also revealed approximately 704,525 DrayTek devices exposed to the internet, despite vendor recommendations that the DrayTek web user interface only be accessible to those within one\u2019s local network. About 38% of these exposed devices, or more than 267,000 routers, are susceptible to similar years-old vulnerabilities, the report revealed.<\/p>\n<p>DrayTek routers are in widespread use throughout various industries, including healthcare, manufacturing and government, and about 75% of the internet-exposed devices discovered are intended for business use, <a href=\"https:\/\/www.forescout.com\/blog\/research-alert-draytek-exposed-vulnerable-routers\/\" target=\"_blank\" rel=\"noreferrer noopener\">according to Forescout<\/a>.<\/p>\n<p>Furthermore, less than 3% of the exposed devices were updated to the latest DrayTek firmware version, and the most popular version found, 3.8.9.2, was released more than six years.<\/p>\n<p>\u201cTo safeguard against these vulnerabilities, organizations must immediately patch affected DrayTek devices with the latest firmware. Disabling unnecessary remote access, implementing Access Control Lists and two-factor authentication, and monitoring for anomalies through syslog logging are all crucial steps,\u201d Daniel dos Santos, head of security research at Forescout Research \u2013 Vedere Labs, said <a href=\"https:\/\/www.forescout.com\/press-releases\/14-vulnerabilities-draytek-routers\/\" target=\"_blank\" rel=\"noreferrer noopener\">in a statement<\/a>.<\/p>\n<h2>Multiple DrayTek flaws risk RCE, DoS, XSS<\/h2>\n<p>The most severe DrayTek bug discovered, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41492\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-41492<\/a>, is a buffer overflow vulnerability in the \u201cGetCGI()\u201d function of the DrayTek Vigor web UI. This flaw causes errors when processing query string parameters, which could allow for RCE or DoS by an unauthenticated attacker.<\/p>\n<p>Another critical flaw, tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-41585\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-41585<\/a>, involves the \u201crecvCmd\u201d binary, which is used by the host operating system to communicate with the guest OS and vice versa. This binary is susceptible to OS command injection, which can also lead to virtual machine escape, the DRAY:BREAK report states.<\/p>\n<p>Among the 14 vulnerabilities disclosed are nine high-severity bugs with CVSS scores ranging from 7.2 to 7.6, several of which can lead to DoS and RCE. One of the flaws, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41689\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-41589<\/a>, lies in the fact that the same admin credentials are used across the entire system, including both the host and guest OS, which could lead to full system compromise if these credentials are compromised.<\/p>\n<p>Additionally, three medium-severity bugs with CVSS scores of 4.9 could enable cross-site scripting (XSS) due to insufficient input sanitization enabling the injection of arbitrary JavaScript code under certain conditions.<\/p>\n<p>DrayTek has released fixed firmware versions for the affected devices, although 11 of the affected devices have already reached end-of-life (EoL) and thus only received fixes for the most severe flaw, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-40502\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-41502<\/a>. The DAY:BREAK report provides a full list of affected models and fixed versions; DrayTek did not appear to have a security advisory for these flaws published <a href=\"https:\/\/www.draytek.com\/about\/security-advisory\/\" target=\"_blank\" rel=\"noreferrer noopener\">on its website<\/a> as of Thursday afternoon.<\/p>\n<h2>EoL routers, old vulnerabilities often targeted by threat actors<\/h2>\n<p>Outdated, vulnerable routers pose an ongoing and serious threat to homes and businesses; Forescout says nearly two-thirds \u2013 63% \u2013 of the internet-exposed DrayTek devices it found in its search were either end-of-sale or EoL. Businesses are encouraged to identify and replace any EoL devices to avoid exploitation of any unmitigated vulnerabilities.<\/p>\n<p>While there is no indication the 14 newest vulnerabilities discovered by Forescout have been exploited in the wild, attackers are actively targeting DrayTek flaws as shown by the addition of three DrayTek vulnerabilities to the Cybersecurity and Infrastructure Security Agency\u2019s (CISA) <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=draytek&amp;field_date_added_wrapper=all&amp;field_cve=&amp;sort_by=field_date_added&amp;items_per_page=20&amp;url=\" target=\"_blank\" rel=\"noreferrer noopener\">Known Exploited Vulnerabilities<\/a> (KEV) catalog last month, including <a href=\"https:\/\/www.scworld.com\/news\/sap-d-link-flaws-among-4-added-to-known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noreferrer noopener\">a critical four-year-old vulnerability added earlier this week<\/a>. &nbsp;<\/p>\n<p>The Forescout report also points out that several similar vulnerabilities, often affecting the same functions, have come up in various DrayTek devices and firmware versions over the past few years, suggesting a lack of variant analysis and post-mortem analyses after such vulnerabilities are reported and patched.<\/p>\n<p>\u201cSomeone finding 14 new vulnerabilities at the same time likely tells you that extensive vulnerability testing was not done by the vendor. The larger reality is that this same finding is likely true about the majority of internet-connected devices and this is just the one we are learning about today,\u201d Roger Grimes, data-driven defense evangelist at KnowBe4, said in an email to SC Media.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36424\/14-DrayTek-Vulns-Patched-Including-RCE-Flaw.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":57292,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[1011],"class_list":["post-57291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflawpatch"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>14 DrayTek Vulns Patched, Including RCE Flaw 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"14 DrayTek Vulns Patched, Including RCE Flaw 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-03T13:22:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2024\/10\/AdobeStock_422696210.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"14 DrayTek Vulns Patched, Including RCE Flaw\",\"datePublished\":\"2024-10-03T13:22:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/\"},\"wordCount\":710,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/14-draytek-vulns-patched-including-rce-flaw.jpg\",\"keywords\":[\"headline,flaw,patch\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/\",\"name\":\"14 DrayTek Vulns Patched, Including RCE Flaw 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/14-draytek-vulns-patched-including-rce-flaw.jpg\",\"datePublished\":\"2024-10-03T13:22:48+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/14-draytek-vulns-patched-including-rce-flaw.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/14-draytek-vulns-patched-including-rce-flaw.jpg\",\"width\":800,\"height\":570},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/14-draytek-vulns-patched-including-rce-flaw\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw,patch\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflawpatch\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"14 DrayTek Vulns Patched, Including RCE Flaw\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"14 DrayTek Vulns Patched, Including RCE Flaw 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/","og_locale":"en_US","og_type":"article","og_title":"14 DrayTek Vulns Patched, Including RCE Flaw 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-10-03T13:22:48+00:00","og_image":[{"url":"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2024\/10\/AdobeStock_422696210.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"14 DrayTek Vulns Patched, Including RCE Flaw","datePublished":"2024-10-03T13:22:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/"},"wordCount":710,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/14-draytek-vulns-patched-including-rce-flaw.jpg","keywords":["headline,flaw,patch"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/","url":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/","name":"14 DrayTek Vulns Patched, Including RCE Flaw 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/14-draytek-vulns-patched-including-rce-flaw.jpg","datePublished":"2024-10-03T13:22:48+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/14-draytek-vulns-patched-including-rce-flaw.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/14-draytek-vulns-patched-including-rce-flaw.jpg","width":800,"height":570},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/14-draytek-vulns-patched-including-rce-flaw\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw,patch","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflawpatch\/"},{"@type":"ListItem","position":3,"name":"14 DrayTek Vulns Patched, Including RCE Flaw"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57291"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57291\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/57292"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}