1:55pm, 5 August 2022
TLP Rating:
DrayTek Router vulnerability
CERT NZ is aware of a possible exploit affecting some DrayTek routers.
Attacks can be performed if the the device has been configured to be internet facing.
Exploitation of this vulnerability can lead to a full compromise which could result in a network breach and unauthorized access to internal resources.
CERT NZ is not currently aware of active exploitation of this vulnerability. However, we strongly recommend you investigate and patch any DrayTek devices on your network as soon as possible to prevent them from being compromised.
What's happening
Systems affected
DrayTek routers that are internet facing.
A full list of vulnerable devices can be found here:
What this means
All affected devices need to be updated with recommended patches to prevent the device from being compromised.
What to look for
How to tell if you're at risk
If you are using a DrayTek router, you may be at risk of being compromised.
This is a device that may be used in small businesses, home and remote working setups.
What to do
Mitigation
Ensure any DrayTek devices are patched with the latest software version.
As there are no other ways to prevent the vulnerability, if you cannot patch your device, you should consider disconnecting them or turning them off.
Patches and documentation for DrayTek can be found here:
Latest Firmwares | DrayTek External Link
Update the device using DrayTek’s recommended practices.
These practices can be found here: Upgrading Router Firmware using the Web Interface (draytek.co.uk) External Link
More information
Full details about this vulnerability can be found here:
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
Report an incident for IT specialists | CERT NZ External Link