Expired

Security Advisory: Unexpected router disconnections and reboots

Expired

Models Affected: See table below

Priority: Critical

Action Required: Ensure ACL is enabled in System Maintenance. Disable SSL VPN. Disable Remote Management. Update to latest firmware where available and check EOL status

March 2025, DrayTek would like to address a recent issue reported by several Internet Service Providers (ISPs) regarding DrayTek routers unexpectedly disconnecting from the Internet. These issues have been linked to intermittent connection drops, where some routers appear to lose connection, go up and down, and disrupt service. These disconnections were mainly observed in older models or devices running outdated firmware versions.


At DrayTek, we take these reports seriously and have been actively investigating the situation. Our investigation has determined that DrayTek Routers were targeted with repeated, suspicious, and potentially malicious TCP connection attempts originating from IP addresses with known bad reputations. These attempts could trigger the router to reboot in unpatched devices if those devices have SSL VPN Enabled, or Remote Management enabled without the protection of an Access Control List (ACL). If an ACL is enabled, but SSL VPN is also enabled then the ACL is not able to prevent the issue from occurring.


Our investigations indicate that firmware updates from around 2020 effectively patched this issue, and this is the first confirmed instance of an exploit being used in the wild. The issue is primarily affecting older models or devices that have not been updated for several years.


Our products are engineered for exceptional stability and longevity, which is why many EOL models, frequently over a decade old, remain in use worldwide. The issue has been linked to intermittent disconnections of these devices, many of which were set up years ago and have not been updated since, and is related to SSL VPN and HTTP/HTTPS remote management exposed on the WAN interface.


It is best practice to disable unused services and devices configured with SSL VPN and Web Management disabled have been unaffected.

Below is summary of devices which are affected but already have firmware available:

Model Firmware Release Date
Vigor 2620Ln 3.8.14 or later 10th Feb 2020
Vigor 2762 Series 3.9.4 or later 28th Sept 2020
Vigor 2832 Series 3.9.4 or later 14th Aug 2020
VigorBX 2000 3.9.1 or later 27th Dec 2019
Vigor 2860 Series 3.8.9.7 or later 31st Dec 2019
Vigor 2862 Series 3.9.3 or later 9th April 2020
Vigor 2925 Series 3.8.9.7 or later 24th Jan 2020
Vigor 2926 Series 3.9.3 or later 23rd March 2020
Vigor 2952 3.9.4 or later 26th June 2020
Vigor 3220 3.9.4 or later 4th Sept 2020

 The below is a summary of some of affected models where no patch currently exists.

Model Firmware
Vigor 2110 All
Vigor 2710 All
Vigor 2760 All
Vigor 2820 All
Vigor 2830 All
Vigor 2830v2 All
Vigor 2850 All
Vigor 2920 All

Newer models not listed above are not affected.

Action Required

  • If you have not already done disable remote management and SSL VPN Service for devices which are affected.
  • If you have not already upgraded, update your firmware immediately. Before doing the upgrade, take a backup of your current config in case you need to restore it later [System Maintenance] > [Config Backup]. Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware, then please check the release notes carefully for any upgrading instructions.

We recommend the following troubleshooting steps for devices experiencing issues:

  1. Disconnect the WAN cable and log into the router's Web UI to check the system uptime. If the uptime is lower than the last known reboot, this indicates the router has recently restarted.
  2. Disable Remote Management and SSL VPN Service from the respective settings menus.
  3. Reboot the router and reconnect the WAN cable.
  4. Monitor the connection to see if the WAN remains stable 

Where remote management to remain enabled, it has been found that disabling the SSL VPN Service and enabling an Access Control List (ACL) can act as a workaround.

For more detailed information and the latest firmware updates, please visit support page.

Product Lifecycle and Recommendations

DrayTek understands the importance of maintaining the reliability and security of your network. Many older models, especially those reaching the end of their product lifecycle, may face challenges in keeping up with modern security standards and performance demands. While we have been able to provide guidance on how to mitigate against the issue, as part of our commitment to your continued satisfaction, we advise considering the replacement of any EOL models. For more information about the product lifecycle, please visit our Product Lifecycle page.

If you are currently using an EOL model, we recommend exploring alternative replacement products that offer updated features and improved security. To help you find the best replacement options, we have compiled a list of recommended alternatives, which you can view on EOL Product Equivalents page. We are here to support you in ensuring the stability of your network and can guide you through available options for upgrades when necessary.

Summary

DrayTek is committed to providing the best support to our customers and ensuring the continued stability of their networks. We will continue to monitor the situation closely and appreciate your cooperation as we work to resolve these issues. If you need further assistance, please reach out to our Customer Support team via email at This email address is being protected from spambots. You need JavaScript enabled to view it..