
To prevent a cyber-attack, OCSIA strongly advises that owners of Draytek routers take swift action to make sure that their router has the latest software.

Information received at this office has identified that 363 Draytek routers used by Isle of Man businesses and residents have not yet been updated to address a critical flaw. This flaw, if not addressed, exposes local residents to the possibility of a far-reaching compromise of computer systems that is not difficult for hackers to achieve. The consequences of a successful exploit would include extraction of sensitive data, access to devices on the network, spying on network traffic, collection of passwords and keys, and man-in-the-middle attacks.

Detail

Exploitation of this flaw (CVE-2022-32548) could lead to unauthenticated remote code execution (RCE). RCE is the ability of one device to execute commands on another device. In this instance, the threat is from an attacker who could exploit this vulnerability to take control of affected systems.

The following YouTube video demonstrates how an attacker could compromise the router and network: https://www.youtube.com/watch?v=9ZVaj8ETCU8

Vulnerable devices

Vigor3910 < 4.3.1.1
Vigor1000B < 4.3.1.1
Vigor2962 Series < 4.3.1.1
Vigor2927 Series < 4.4.0
Vigor2927 LTE Series < 4.4.0
Vigor2915 Series < 4.3.3.2
Vigor2952 / 2952P < 3.9.7.2
Vigor3220 Series < 3.9.7.2
Vigor2926 Series < 3.9.8.1
Vigor2926 LTE Series < 3.9.8.1
Vigor2862 Series < 3.9.8.1
Vigor2862 LTE Series < 3.9.8.1
Vigor2620 LTE Series < 3.9.8.1
VigorLTE 200n < 3.9.8.1
Vigor2133 Series < 3.9.6.4
Vigor2762 Series < 3.9.6.4
Vigor165 < 4.2.4
Vigor166 < 4.2.4
Vigor2135 Series < 4.4.2
Vigor2765 Series < 4.4.2
Vigor2766 Series < 4.4.2
Vigor2832 < 3.9.6
Vigor2865 Series < 4.4.0
Vigor2865 LTE Series < 4.4.0
Vigor2866 Series < 4.4.0
Vigor2866 LTE Series < 4.4.0
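
For anyone checking more than one router against the list above, the comparison can be scripted; this is an added example, not part of the OCSIA advisory or any DrayTek tool. The inventory rows, the `Vigor9999` model, the `_RC2` suffix and all function names are constructed for illustration, and the thresholds are copied from the list above (LTE variants share their base model's threshold).

```python
import re
from itertools import zip_longest

# First fixed firmware per model family, transcribed from the advisory's list.
FIXED = {
    "4.3.1.1": ["Vigor3910", "Vigor1000B", "Vigor2962"],
    "4.4.0":   ["Vigor2927", "Vigor2865", "Vigor2866"],
    "4.3.3.2": ["Vigor2915"],
    "3.9.7.2": ["Vigor2952", "Vigor3220"],
    "3.9.8.1": ["Vigor2926", "Vigor2862", "Vigor2620", "VigorLTE200n"],
    "3.9.6.4": ["Vigor2133", "Vigor2762"],
    "4.2.4":   ["Vigor165", "Vigor166"],
    "4.4.2":   ["Vigor2135", "Vigor2765", "Vigor2766"],
    "3.9.6":   ["Vigor2832"],
}
THRESHOLD = {m.lower(): v for v, models in FIXED.items() for m in models}

def parse_version(text):
    """Leading dotted-numeric part as a tuple of ints; None if there is none."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text, re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def older_than(a, b):
    """Numeric compare, zero-padded: 3.9.6 == 3.9.6.0, and 4.10 is newer than 4.3."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return x < y
    return False

def assess(model, firmware):
    """Return 'VULNERABLE', 'patched', 'not-listed' or 'unknown-version'."""
    key = re.sub(r"[\s/_-]+", "", model).lower()
    # Family name must not be followed by a digit (Vigor165 is not Vigor1650).
    fixed = next((v for m, v in THRESHOLD.items()
                  if re.match(re.escape(m) + r"(?!\d)", key)), None)
    if fixed is None:
        return "not-listed"  # not covered by this advisory; says nothing more
    current = parse_version(firmware)
    if current is None:
        return "unknown-version"  # needs a manual check on the device
    return "VULNERABLE" if older_than(current, parse_version(fixed)) else "patched"

# Constructed inventory rows (model, reported firmware); not real devices.
INVENTORY = [("Vigor2862 LTE", "3.9.8"), ("Vigor2927", "4.4.0"),
             ("Vigor3910", "4.10.0"), ("Vigor2952P", "3.9.7.1_RC2"),
             ("Vigor9999", "1.0"), ("Vigor166", "unknown")]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:15} {fw:12} {assess(model, fw)}")
```

Comparing the version strings as plain text would wrongly rank 4.10.0 below 4.3.1.1, which is why each component is compared as a number.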

Recommended Actions

  • Check the model of router - If you use a Draytek router, you are strongly advised to check the model of router and ensure that the latest firmware update has been installed. (Firmware is software that provides basic machine instructions that allow the hardware to function and communicate with other software running on a device.)
  • Download the latest update - the latest firmware can be downloaded here, https://www.draytek.com/support/latest-firmwares. Make sure to download the correct software for your router.
  • Access your router's settings page – This can be done by typing one of 192.168.1.1, 168.0.1 or 192.168.1.254 into your browser (Edge, Google Chrome, Firefox)
  • Login to the router - the credentials for this are often found at the back of your router or can be found here
  • Navigate to ‘firmware update’ - in the system maintenance section of your router
  • Follow the instructions to install the update you downloaded earlier.
  • Change the router password – create a new and strong password for your router.
