Alerts

We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

1:55pm, 5 August 2022

TLP Rating: Clear

DrayTek Router vulnerability

CERT NZ is aware of a possible exploit affecting some DrayTek routers.

Attacks can be performed  if the the device has been configured to be internet facing.

Exploitation of this vulnerability can lead to a full compromise which could result in a network breach and unauthorized access to internal resources.

CERT NZ is not currently aware of active exploitation of this vulnerability. However, we strongly recommend you investigate and patch any DrayTek devices on your network as soon as possible to prevent them from being compromised.

What's happening

Systems affected

DrayTek routers that are internet facing.

A full list of vulnerable devices can be found here:

DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548) | DrayTek External Link

What this means

All affected devices need to be updated with recommended patches to prevent the device from being compromised.

What to look for

How to tell if you're at risk

If you are using a DrayTek router, you may be at risk of being compromised.

This is a device that may be used in small businesses, home and remote working setups.

What to do

Mitigation

Ensure any DrayTek devices are patched with the latest software version.

As there are no other ways to prevent the vulnerability, if you cannot patch your device, you should consider disconnecting them or turning them off.

Patches and documentation for DrayTek can be found here:

Latest Firmwares | DrayTek External Link

Update the device using DrayTek’s recommended practices.

These practices can be found here: Upgrading Router Firmware using the Web Interface (draytek.co.uk) External Link

More information

Full details about this vulnerability can be found here:

DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548) | DrayTek External Link

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident for IT specialists | CERT NZ External Link