CyberSecurity news
David Jones@cybersecuritydive.com
DrayTek router owners across the globe experienced widespread connectivity issues recently as their devices became stuck in reboot loops. Internet service providers worldwide have alerted their customers to the problem, which began on Saturday night, affecting multiple DrayTek router models. The affected routers would intermittently lose connectivity and enter a boot loop, rendering them inoperable and disrupting internet services.
The reboot loops are believed to be caused either by attacks exploiting unspecified vulnerabilities or by a buggy software update pushed by DrayTek. Some experts suggest that the problem may be due to existing vulnerabilities that customers have neglected to patch. In addition, GreyNoise has observed in-the-wild activity against several known vulnerabilities in DrayTek devices: CVE-2020-8515, CVE-2021-20123, and CVE-2021-20124.
To address the issue, users experiencing unexpected disconnections are advised to disconnect the WAN cable, log in to the router’s Web UI, and check the system uptime. DrayTek recommends checking the firmware version and ensuring that the latest version is installed, and disabling remote access if it is enabled unless it is absolutely necessary. Users can view router logs and debug logs to identify potential causes of the reboot.
References:
- BleepingComputer: Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems.
- V is for...: "Since 21:30 yesterday evening we have witnessed an unusually high volume of session drops, primarily impacting BT Wholesale and TalkTalk broadband sessions. The cause has been narrowed down to vulnerable firmware versions on Draytek routers." Shock horror. Draytek suck.
- BleepingComputer: DrayTek routers worldwide go into reboot loops over weekend
- The Register - Security: Hm, why are so many DrayTek routers stuck in a bootloop?
- The DefendOps Diaries: Understanding the DrayTek Router Reboot Loop Crisis
- bsky.app: This looks like some threat actor tried to exploit vulnerabilities in DrayTek Vigor routers.
- The GreyNoise Blog: Amid Reports of Worldwide Reboots, GreyNoise Observes In-the-Wild Activity Against DrayTek Routers
- GreyNoise: GreyNoise is bringing awareness to in-the-wild activity against multiple known vulnerabilities in DrayTek devices.
- www.cybersecuritydive.com: DrayTek routers face active exploitation of older vulnerabilities
- securityonline.info: Recent reports have highlighted widespread issues with DrayTek routers, including numerous reboots in the UK and Australia, and
- The Hacker News: CISA Flags Two Six-Year-Old Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
- Risky Business Media: Ukraine’s state railway hit by a cyberattack, a ransomware attack reduces Malaysia’s largest airport to writing flight details on a whiteboard, buggy exploits put DrayTek routers in a reboot loop, and the NIST CVE backlog grows bigger despite efforts to address it.
Classification:
- HashTags: #DrayTek #Router #Cybersecurity
- Company: DrayTek
- Target: DrayTek router owners
- Product: Routers
- Feature: bootloop
- Type: HighRisk
- Severity: Medium