Summary: A comprehensive security audit by the Faraday Team has revealed critical vulnerabilities in DrayTek Vigor routers, allowing attackers to gain complete control over the devices. The identified weaknesses include insecure authentication, weak password storage, and several high-severity vulnerabilities with CVSS scores up to 9.8. Affected users are urged to update their firmware to mitigate risks.
Affected: DrayTek Vigor routers
Keypoints :
- Various DrayTek Vigor models are affected, including Vigor165, Vigor2862, and Vigor3912.
- Critical vulnerabilities have CVSS scores ranging from 7.5 to 9.8, with risks of arbitrary code execution and denial-of-service attacks.
- DrayTek users are advised to update to the latest firmware versions to protect against these vulnerabilities.