Critical vulnerabilities that need action

Today (05/08/2022), DrayTek released patches to address a critical vulnerability affecting multiple DrayTek routers.

An attacker doesn’t need valid credentials or any user interaction to exploit the vulnerability. Using a specially crafted pair of credentials, attackers can trigger the flaw and take control of the device’s operating system.

Hackers who exploit this vulnerability could potentially perform the following actions:

  • Complete device takeover
  • Information access
  • Laying the ground for stealthy man-in-the-middle attacks
  • Changing DNS settings
  • Using the routers as DDoS or cryptominer bots
  • Pivoting to devices connected to the breached network

We are currently auto-remediating devices that are known to be vulnerable, using an approved patch from the vendor.

If you need any additional information, or would like to speak to a member of our team, please email support@lms.group
