Aatrox Communications - DrayTek Routers Dropping Connections – Incident details

Hello, Aatrox Communications and many other ISPs both in AU and internationally have started seeing a couple of DrayTek CVE's being exploited over the last ~24 hours. More info can be found here: https://www.draytek.com/about/security-advisory/buffer-overflow-vulnerabilities-(cve-2024-51138-cve-2024-51139) https://www.draytek.com/about/security-advisory/denial-of-service,-information-disclosure,-and-code-execution-vulnerabilities It's important that if you are using a Draytek router you update the firmware to patch the vulnerabilities as soon as possible. Draytek router firmware can be found here - https://www.draytek.com/support/resources/routers#version Instructions on updating firmware can be found here- https://www.draytek.co.uk/support/guides/kb-firmwareupgrade-webui Once patched, check that Remote Management and router-side VPNs are turned off. 1) Disable Remote Management by going to [System Maintenance] > [Remote Management]. 2) Disable SSL VPN Service by going to [VPN and Remote Access] > [Remote Access Control]. 3) Reboot the router and reconnect the WAN cable. 4) Monitor the connection to see if the WAN remains stable. If you need help, please reach out to our support team.