
DrayOS Routers Vulnerability Enables Remote Code Execution

Researchers disclosed a critical security flaw in DrayOS-powered enterprise routers that allows unauthenticated remote attackers to trigger memory corruption, system crashes, and potentially execute arbitrary code.

The vulnerability resides in the Web User Interface (WebUI), which accepts HTTP(S) requests without sufficient input validation. If exploited, attackers could gain complete control of affected devices and pivot deeper into corporate networks.

Vulnerability Details and Exploitation

The flaw can be triggered when crafted HTTP or HTTPS requests are sent to the WebUI over network interfaces where remote access is enabled.

During malicious interactions, the WebUI fails to properly handle specially crafted parameters, leading to memory corruption.

A successful attack may crash the device, disrupting network connectivity. In specific configurations, attackers can leverage the crash to overwrite memory regions and execute shell commands with root privileges.

No authentication is required, and proof-of-concept exploits demonstrate remote code execution on versions before the patched firmware.

While the vulnerability has yet to receive a CVE identifier, its impact mirrors high-severity remote code execution flaws historically exploited in routers.

Exploitation from the Wide Area Network (WAN) is prevented when WebUI and SSL VPN services are disabled or protected by properly configured Access Control Lists (ACLs).

However, if remote access remains enabled, the risk is pervasive.

Even within Local Area Networks (LANs), an attacker with network access can target the WebUI.

On certain router models, LAN-side VLAN segmentation and ACLs can limit local WebUI access, but these controls are optional and dependent on correct configuration.

Affected Models and Firmware Updates

DrayTek has released firmware updates for all impacted models. Users must update to the minimum firmware versions listed below to eliminate the vulnerability.

Failure to upgrade exposes routers to remote exploits that can compromise network integrity and allow lateral movement by threat actors.

| Model | Recommended Firmware Version |
|---|---|
| Vigor1000B | 4.4.3.6 or later |
| Vigor2962 | 4.4.5.1 or later |
| Vigor3910 | 4.4.5.1 or later |
| Vigor3912 | 4.4.5.1 or later |
| Vigor2135 | 4.5.1 or later |
| Vigor2763, 2765, 2766 | 4.5.1 or later |
| Vigor2865 Series variants | 4.5.1 or later |
| Vigor2866 Series variants | 4.5.1 or later |
| Vigor2927 Series variants | 4.5.1 or later |
| Vigor2915 | 4.4.6.1 or later |
| Vigor2862, 2926 Series | 3.9.9.12 or later |
| Vigor2952, 2952P, 3220 | 3.9.8.8 or later |
| Vigor2860, 2925 Series | 3.9.8.6 or later |
| Vigor2133, 2762, 2832 | 3.9.9.4 or later |
| Vigor2620, LTE 200n | 3.9.9.5 or later |

To safeguard networks immediately, administrators should disable remote WebUI and SSL VPN access on the WAN interface and enforce ACL rules that restrict WebUI reachability to trusted hosts only.

Where possible, implement VLAN segmentation on the LAN side to isolate management interfaces.

Organizations relying on remote management should adopt out-of-band solutions, such as dedicated management networks or zero-trust remote access tools, to reduce exposure.

Beyond network controls, prompt firmware updates are essential.

Confirm devices are running at least the recommended versions and schedule routine patch audits to identify any outdated installations.
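A patch audit of this kind can be scripted against the table above. The following is an added example, not code from DrayTek or the original article: it compares an inventory of (host, model, firmware) records with the minimum versions listed here, using numeric rather than string comparison. The inventory format, hostnames, the "_STD" version suffix and the function names are assumptions made for illustration.

```python
import re

# Minimum fixed firmware per model family, transcribed from the table in this article.
MIN_FIXED = {
    "1000b": "4.4.3.6", "2962": "4.4.5.1", "3910": "4.4.5.1", "3912": "4.4.5.1",
    "2135": "4.5.1", "2763": "4.5.1", "2765": "4.5.1", "2766": "4.5.1",
    "2865": "4.5.1", "2866": "4.5.1", "2927": "4.5.1", "2915": "4.4.6.1",
    "2862": "3.9.9.12", "2926": "3.9.9.12", "2952": "3.9.8.8", "3220": "3.9.8.8",
    "2860": "3.9.8.6", "2925": "3.9.8.6", "2133": "3.9.9.4", "2762": "3.9.9.4",
    "2832": "3.9.9.4", "2620": "3.9.9.5", "lte200n": "3.9.9.5",
}

def parse_version(text):
    """Leading dotted-numeric part as a zero-padded 4-tuple of ints, else None."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    parts = [int(p) for p in m.group(1).split(".")] if m else None
    return tuple(parts + [0] * (4 - len(parts))) if parts else None

def family(model):
    """Map e.g. 'Vigor2865ac' or 'Vigor LTE 200n' to a MIN_FIXED key (longest prefix)."""
    name = re.sub(r"^vigor", "", model.lower().replace(" ", ""))
    hits = [k for k in MIN_FIXED if name.startswith(k)]
    return max(hits, key=len) if hits else None

def audit(inventory):
    """Return (host, status, minimum_version) for each (host, model, firmware)."""
    results = []
    for host, model, firmware in inventory:
        need, have = MIN_FIXED.get(family(model)), parse_version(firmware)
        if need is None:
            status = "unknown-model"      # not in the table: check the vendor advisory
        elif have is None:
            status = "unparsed-version"   # never report an unreadable version as ok
        else:
            status = "ok" if have >= parse_version(need) else "update"
        results.append((host, status, need))
    return results

# Constructed inventory: hostnames, versions and the "_STD" suffix are made up.
SAMPLE = [
    ("edge-01", "Vigor2926ac", "3.9.9.4"),   # 4 < 12: a string compare would pass this
    ("edge-02", "Vigor2865", "4.5.1_STD"),
    ("branch-07", "Vigor2915", "4.4.6"),     # padded to 4.4.6.0, below 4.4.6.1
    ("lab-02", "Vigor LTE 200n", "3.9.9.5"),
    ("lab-03", "Vigor9999", "1.0.0"),        # placeholder model absent from the table
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Devices reported as unknown-model or unparsed-version need manual review rather than being treated as patched.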

Regularly review DrayTek security advisories and subscribe to vulnerability feeds for timely alerts.

Finally, conduct periodic penetration tests to validate that all remote management interfaces are correctly secured and monitor router logs for abnormal WebUI request patterns indicative of exploitation attempts.

We extend our sincere appreciation to Pierre-Yves MAES from ChapsVision for his responsible disclosure and timely reporting of this vulnerability, which has contributed to strengthening our security measures.


The post DrayOS Routers Vulnerability Enables Remote Code Execution appeared first on Cyber Security News.
