DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
ZuoRAT exploit
- pharcyder
- Topic Author
- Offline
- Member
Less
More
- Posts: 165
- Thank you received: 1
30 Jun 2022 15:31 #101318
by pharcyder
ZuoRAT exploit was created by pharcyder
Any response from Draytek around the apparent ZuoRAT Risk against Draytek routers?
https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/
Please Log in or Create an account to join the conversation.
- chainsawdude
- Offline
- Junior Member
Less
More
- Posts: 20
- Thank you received: 0
01 Jul 2022 13:10 #101320
by chainsawdude
Replied by chainsawdude on topic Re: ZuoRAT exploit
The reports say that ZuoRAT attacks routers that use the MIPS architecture, including Draytek.
My understanding is that MIPS is dead and no modern device should be using it.
Does anyone know which Draytek models use the MIPS architecture?
My understanding is that MIPS is dead and no modern device should be using it.
Does anyone know which Draytek models use the MIPS architecture?
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
02 Jul 2022 01:44 #101325
by hornbyp
Replied by hornbyp on topic Re: ZuoRAT exploit
The Research 'paper' that describes the exploit, appears to be
here
; it takes some reading though :shock:
(It does mention the Draytek Vigor 3900...)
Malwarebytes
have attempted to dissect what it says, but it's still not clear (to me).
(I'm not entirely sure where the 'MIPS' reference has come from though, nor what the current status of MIPS is - it does still seem to be
alive-and-kicking
)
(It does mention
(I'm not entirely sure where the 'MIPS' reference has come from though, nor what the current status of MIPS is - it does still seem to be
Please Log in or Create an account to join the conversation.
- timo_w2s
- Offline
- Junior Member
Less
More
- Posts: 27
- Thank you received: 0
03 Jul 2022 10:23 #101329
by timo_w2s
Replied by timo_w2s on topic Re: ZuoRAT exploit
Thanks for bringing this up as I was wondering what the situation is too. It would be nice to hear Draytek's view on all this.
What are people's views on regularly rebooting routers to help mitigate these attacks? (As I believe the initial malware only sits in the ram and is lost when rebooted) Is a reboot within the control panel enough to remove any potential malware or should we power down completely first? One of the things I like about my Draytek routers is they can have uptimes of months or years without issues but maybe I shouldn't be leaving them going that long...:shock: (normally my routers only get rebooted during firmware upgrades or power cuts)
What are people's views on regularly rebooting routers to help mitigate these attacks? (As I believe the initial malware only sits in the ram and is lost when rebooted) Is a reboot within the control panel enough to remove any potential malware or should we power down completely first? One of the things I like about my Draytek routers is they can have uptimes of months or years without issues but maybe I shouldn't be leaving them going that long...
Please Log in or Create an account to join the conversation.
- aimdev
- Offline
- Junior Member
Less
More
- Posts: 41
- Thank you received: 0
03 Jul 2022 17:01 #101330
by aimdev
Replied by aimdev on topic Re: ZuoRAT exploit
I informed Draytek UK via email on 29-Jun-2022, and I received a message that it would be passed on to the relevant team.
Included was the link identifying the issue.
They are aware of the issue.
Included was the link identifying the issue.
They are aware of the issue.
Please Log in or Create an account to join the conversation.
- chainsawdude
- Offline
- Junior Member
Less
More
- Posts: 20
- Thank you received: 0
03 Jul 2022 19:50 #101331
by chainsawdude
Replied by chainsawdude on topic Re: ZuoRAT exploit
I read somewhere (bleepingcomputer) that ZuoRAT uses known vulnerabilities that have been patched. If so then it could just be a matter of ensuring we are using the latest firmware.
In anycase I would like Draytek to say so, but the chances are that Draytek don't have enough information at present. (I don't think the security researchers are 100% certain of the details at this point)
In anycase I would like Draytek to say so, but the chances are that Draytek don't have enough information at present. (I don't think the security researchers are 100% certain of the details at this point)
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek