DrayTek Routers Dropping Connections

Incident Report for Aatrox Communications

Update

We are continuing to monitor for any further issues.
Posted Mar 24, 2025 - 10:22 AEDT

Monitoring

Hello,

Aatrox Communications and many other ISPs both in AU and internationally have started seeing a couple of DrayTek CVE's being exploited over the last ~24 hours.

More info can be found here:
https://www.draytek.com/about/security-advisory/buffer-overflow-vulnerabilities-(cve-2024-51138-cve-2024-51139)
https://www.draytek.com/about/security-advisory/denial-of-service,-information-disclosure,-and-code-execution-vulnerabilities

It's important that if you are using a Draytek router you update the firmware to patch the vulnerabilities as soon as possible.

Draytek router firmware can be found here - https://www.draytek.com/support/resources/routers#version

Instructions on updating firmware can be found here- https://www.draytek.co.uk/support/guides/kb-firmwareupgrade-webui

Once patched, check that Remote Management and router-side VPNs are turned off.

1) Disable Remote Management by going to [System Maintenance] > [Remote Management].
2) Disable SSL VPN Service by going to [VPN and Remote Access] > [Remote Access Control].
3) Reboot the router and reconnect the WAN cable.
4) Monitor the connection to see if the WAN remains stable.

If you need help, please reach out to our support team.
Posted Mar 24, 2025 - 10:21 AEDT
This incident affects: New Zealand (New Zealand Ultra-Fast Broadband) and Australia (NBN Broadband).
Current Status Powered by Atlassian Statuspage