MS-ISAC Releases Advisory on DrayTek Devices

Original release date: April 1, 2020

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2020-043 and the DrayTek Security Advisory for CVE-2020-8515 and apply the necessary updates and mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.