Critical DrayTek Router Flaw Allows Remote Attacks

Cyber Security News by CyberSum.net

Published on October 3, 2025 at 06:00 PM

3 sources

A critical vulnerability has been discovered in numerous DrayTek routers running DrayOS, allowing for potential remote code execution. The flaw can be exploited by an unauthenticated attacker sending a specially crafted request to the device's web interface. Successful exploitation can cause memory corruption, leading to a system crash or allowing an attacker to run arbitrary code. While routers with remote access disabled are protected from external threats, attackers on the local network can still exploit the vulnerability. The manufacturer has released firmware updates to patch the issue and strongly advises all users to upgrade their devices immediately.

Also Read

Salesforce Customer Data Leaked in Massive Extortion Plot

A hacking collective known as Scattered LAPSUS$ Hunters has launched a data leak site to extort dozens of companies. The group is threatening to release approximately one billion records stolen from victims' Salesforce instances if ransoms are not paid. High-profile organizations are listed on the site with samples of their stolen data, which includes sensitive customer and employee information. The threat actors are also pressuring Salesforce directly to pay a ransom to prevent the data of all its affected customers from being leaked. While the attacks targeted individual customer accounts, the cloud service provider states its core platform was not compromised.

By Cyber Security News by CyberSum.netOctober 3, 2025 at 06:00 PM