Security Advisory: Unexpected router disconnections and reboots
Expired
Models Affected: See table below
Priority: Critical
Action Required: Ensure ACL is enabled in System Maintenance. Disable SSL VPN. Disable Remote Management. Update to the latest firmware where available and check EOL status.
March 2025
DrayTek would like to address a recent issue reported by several Internet Service Providers (ISPs) regarding DrayTek routers unexpectedly disconnecting from the Internet. The reports describe intermittent connection drops, where some routers lose their connection, go up and down repeatedly, and disrupt service. These disconnections were mainly observed on older models or on devices running outdated firmware versions.
At DrayTek, we take these reports seriously and have been actively investigating the situation. Our investigation has determined that DrayTek routers were targeted with repeated, suspicious, and potentially malicious TCP connection attempts originating from IP addresses with known bad reputations. On unpatched devices, these attempts can trigger a reboot if SSL VPN is enabled, or if Remote Management is enabled without the protection of an Access Control List (ACL). Note that an ACL on its own is not sufficient: if SSL VPN is also enabled, the ACL cannot prevent the issue from occurring.
Our investigations indicate that firmware updates from around 2020 effectively patched this issue, and this is the first confirmed instance of an exploit being used in the wild. The issue is primarily affecting older models or devices that have not been updated for several years.
Our products are engineered for exceptional stability and longevity, which is why many EOL models, frequently over a decade old, remain in use worldwide. The issue has been linked to intermittent disconnections of these devices, many of which were set up years ago and have not been updated since, and is related to SSL VPN and HTTP/HTTPS remote management exposed on the WAN interface.
It is best practice to disable unused services; devices configured with both SSL VPN and Web Management disabled have been unaffected.
Below is a summary of affected devices for which fixed firmware is already available:

| Model | Firmware | Release Date |
| --- | --- | --- |
| Vigor 2620Ln | 3.8.14 or later | 10th Feb 2020 |
| Vigor 2762 Series | 3.9.4 or later | 28th Sept 2020 |
| Vigor 2832 Series | 3.9.4 or later | 14th Aug 2020 |
| VigorBX 2000 | 3.9.1 or later | 27th Dec 2019 |
| Vigor 2860 Series | 3.8.9.7 or later | 31st Dec 2019 |
| Vigor 2862 Series | 3.9.3 or later | 9th April 2020 |
| Vigor 2925 Series | 3.8.9.7 or later | 24th Jan 2020 |
| Vigor 2926 Series | 3.9.3 or later | 23rd March 2020 |
| Vigor 2952 | 3.9.4 or later | 26th June 2020 |
| Vigor 3220 | 3.9.4 or later | 4th Sept 2020 |
Below is a summary of some of the affected models for which no patch currently exists:

| Model | Firmware |
| --- | --- |
| Vigor 2110 | All |
| Vigor 2710 | All |
| Vigor 2760 | All |
| Vigor 2820 | All |
| Vigor 2830 | All |
| Vigor 2830v2 | All |
| Vigor 2850 | All |
| Vigor 2920 | All |
Newer models not listed above are not affected.
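The exposure rules above (fixed firmware per model, EOL models with no fix, SSL VPN defeating the ACL workaround, Remote Management only being a risk without an ACL) can be applied to a device inventory to find routers that still need attention. This is an added example, not DrayTek's code; the model names and firmware versions are transcribed from the tables above, and the inventory entries are constructed sample data.

```python
import re

# Minimum fixed firmware per model, transcribed from the advisory's first table.
PATCHED = {
    "Vigor 2620Ln": "3.8.14", "Vigor 2762": "3.9.4", "Vigor 2832": "3.9.4",
    "VigorBX 2000": "3.9.1", "Vigor 2860": "3.8.9.7", "Vigor 2862": "3.9.3",
    "Vigor 2925": "3.8.9.7", "Vigor 2926": "3.9.3", "Vigor 2952": "3.9.4",
    "Vigor 3220": "3.9.4",
}
# Models from the second table: affected on all firmware, no fix available.
UNPATCHED_EOL = {"Vigor 2110", "Vigor 2710", "Vigor 2760", "Vigor 2820",
                 "Vigor 2830", "Vigor 2830v2", "Vigor 2850", "Vigor 2920"}

def normalize_model(model):
    """'Vigor 2862 Series' / 'Vigor2862' -> 'Vigor 2862' so table lookups match."""
    name = re.sub(r"\s*Series$", "", model.strip(), flags=re.IGNORECASE)
    return re.sub(r"^(Vigor(?:BX)?)\s*", r"\1 ", name)

def version_tuple(fw):
    """'3.8.9.7' -> (3, 8, 9, 7); a trailing build suffix such as '_STD' is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", fw.split("_")[0]))

def is_patched(model, firmware):
    """True if the running firmware is at or above the advisory's fixed version."""
    model = normalize_model(model)
    if model in UNPATCHED_EOL:
        return False
    if model not in PATCHED:
        return True  # the advisory states newer, unlisted models are not affected
    return version_tuple(firmware) >= version_tuple(PATCHED[model])

def assess(model, firmware, ssl_vpn, remote_mgmt, acl):
    """Verdict for one device, following the advisory's exposure rules."""
    if is_patched(model, firmware):
        return "patched"
    if ssl_vpn:  # ACL does not help while SSL VPN is enabled
        return "exposed: disable SSL VPN, then update or replace"
    if remote_mgmt and not acl:
        return "exposed: disable Remote Management or enable ACL"
    if remote_mgmt:
        return "mitigated by ACL: update firmware or replace EOL model"
    return "not exposed: update firmware or replace EOL model"

def exposed_devices(inventory):
    """Return (hostname, verdict) for every device whose verdict starts with 'exposed'."""
    return [(d["host"], v) for d in inventory
            if (v := assess(d["model"], d["fw"], d["ssl_vpn"], d["remote_mgmt"], d["acl"])).startswith("exposed")]

# Constructed sample inventory (not real devices).
INVENTORY = [
    {"host": "site-a", "model": "Vigor 2862 Series", "fw": "3.9.2", "ssl_vpn": True, "remote_mgmt": True, "acl": True},
    {"host": "site-b", "model": "Vigor 2925", "fw": "3.8.9.7", "ssl_vpn": True, "remote_mgmt": True, "acl": False},
    {"host": "site-c", "model": "Vigor 2830", "fw": "3.6.8", "ssl_vpn": False, "remote_mgmt": True, "acl": False},
]
```

Running `exposed_devices(INVENTORY)` flags site-a (SSL VPN enabled on unpatched firmware, ACL irrelevant) and site-c (EOL model with unprotected Remote Management), while site-b is already on the fixed firmware.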
Action Required
- If you have not already done so, disable Remote Management and the SSL VPN Service on affected devices.
- If you have not already upgraded, update your firmware immediately. Before upgrading, take a backup of your current configuration under [System Maintenance] > [Config Backup] in case you need to restore it later. Use the .ALL file to upgrade; otherwise you will wipe your router settings. If you are upgrading from a much older firmware, check the release notes carefully for any upgrade instructions.
We recommend the following troubleshooting steps for devices experiencing issues:
- Disconnect the WAN cable and log into the router's Web UI to check the system uptime. If the uptime is shorter than the time since the last known intentional reboot, the router has recently restarted on its own.
- Disable Remote Management and SSL VPN Service from the respective settings menus.
- Reboot the router and reconnect the WAN cable.
- Monitor the connection to see whether the WAN remains stable.
Where Remote Management needs to remain enabled, disabling the SSL VPN Service and enabling an Access Control List (ACL) has been found to work as a workaround.
For more detailed information and the latest firmware updates, please visit the support page.
Product Lifecycle and Recommendations
DrayTek understands the importance of maintaining the reliability and security of your network. Many older models, especially those reaching the end of their product lifecycle, may struggle to keep up with modern security standards and performance demands. While we have been able to provide guidance on how to mitigate this issue, as part of our commitment to your continued satisfaction we advise considering the replacement of any EOL models. For more information about the product lifecycle, please visit our Product Lifecycle page.
If you are currently using an EOL model, we recommend exploring replacement products that offer updated features and improved security. To help you find the best replacement options, we have compiled a list of recommended alternatives, which you can view on the EOL Product Equivalents page. We are here to support you in ensuring the stability of your network and can guide you through the available upgrade options when necessary.
Summary
DrayTek is committed to providing the best support to our customers and ensuring the continued stability of their networks. We will continue to monitor the situation closely and appreciate your cooperation as we work to resolve these issues. If you need further assistance, please reach out to our Customer Support team via email at