DrayTek Router RCE vulnerability
CERT NZ is aware of a possible exploit that is affecting some DrayTek routers.
Attacks can be performed without user interaction if the management interface of the device has been configured to be internet facing. Exploitation of this vulnerability can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources.
CERT NZ is not currently aware of active exploitation of this vulnerability. However, we strongly recommend you investigate and patch any DrayTek devices on your network as soon as possible to prevent them from being compromised.
DrayTek routers whose management interface is internet facing.
Devices where the affected service is not exposed externally are still vulnerable to a one-click attack from the local area network (LAN).
A full list of vulnerable devices can be found here:
What this means
All affected devices need to be updated with the recommended mitigations to prevent them from being compromised.
What to look for
How to tell if you're at risk
If you are using a DrayTek router, you may be at risk of being compromised.
These devices may be used in small business, home and remote working setups.
What to do
Ensure any DrayTek devices are patched to the latest version.
As there are no other ways to prevent exploitation of the vulnerability, if you cannot patch these devices, you should consider disconnecting them or turning them off.
Patch documentation and files for DrayTek can be found here:
Update the device using the vendor’s recommended practices.
These practices can be found here: Upgrading Router Firmware using the Web Interface (draytek.co.uk)
Full details about this vulnerability can be found here:
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.