
Draytek Vigor routers, widely relied upon by homes and businesses across the Isle of Man, are facing a serious cybersecurity threat due to newly discovered critical vulnerabilities. According to recent reports, these flaws could enable attackers to take full control of affected devices.

If you own a Draytek Vigor router, act now to update your firmware.

Detail

Research has identified multiple alarming vulnerabilities in Draytek Vigor routers. One of these flaws received a critical CVSS score of 10, signalling the potential for remote code execution (RCE). Further threats include command injection and cross-site scripting (XSS), which significantly heighten the risk of a full system compromise.

Globally, over 700,000 Draytek routers are exposed to these vulnerabilities, and on the Isle of Man, at least 450 devices have been flagged for not running the latest firmware. These routers, connected to Manx IP addresses, are prime targets for cybercriminals seeking to gain unauthorised control over entire networks.

Moreover, 260 Draytek routers remain vulnerable to CVE-2022-32548—a serious flaw reported in December 2022—leaving them open to significant cyber-attacks unless action is taken.

Recommendations

OCSIA urges Island residents who use Draytek Vigor routers to check their router and update it with the latest firmware patch as soon as possible:

  • Check the model of router - If you use a Draytek router, you are strongly advised to check the model of router and ensure that the latest firmware update has been installed. (Firmware is software that provides basic machine instructions that allow the hardware to function and communicate with other software running on a device.)
  • Download the latest update - The latest firmware can be downloaded from https://www.draytek.com/support/latest-firmwares. Make sure to download the correct firmware for your router model.
  • Access your router's settings page – This can be done by typing 192.168.1.1 into your browser (Edge, Google Chrome, Firefox).
  • Login to the router - the credentials for this are often found at the back of your router or can be found here
  • Navigate to ‘firmware update’ - in the system maintenance section of your router
  • Follow the instructions to install the earlier downloaded upgrade.
  • Change the router password – create a new and strong password for your router.

 
