Patching DrayTek Routers
Recently, Internet hardware manufacturer DrayTek announced that they’d received reports about a vulnerability in managing their routers via the web. This vulnerability may allow malicious actors to intercept/ create an admin session and thus edit settings on the router, opening users up to a number of potential attacks - DNS hijacking, phishing and such.
As such, DrayTek are currently working to resolve the issue, creating firmware patches for all currently sold and supported devices, and are encouraging all users to install the patches as soon as possible in order to provide a continuing safe service.
With the potential vulnerability appearing to allow attackers to edit DNS settings, DrayTek recommends logging into your router, checking DNS settings (and correcting them if there’s been any changes to your standard setup). They also recommend ensuring that only secured (TLS1.2) connections are allowed for web admins, while also suggesting that remote admin rights should be disabled unless necessary (until updated firmware is installed).
Right now, DrayTek are working to provide effective patches for all the hardware options they provide - head over to their security announcement for an up to date list of all available firmware patches (note: at the time of publication, patches aren’t available for DrayTek 2830 routers, but these will be available soon).
On their website, you’ll be able to download the new firmware when it’s available through their firmware downloads page. If you’d like any support installing the firmware, or have any questions, don’t hesitate to get in touch with our support team at 0345 145 1234.
If you’re using a non-DrayTek router, there shouldn’t be any problem - but it’s always worth staying up to date with firmware patches and updates for all your hardware.