DrayTek Router Zero-Day Under Attack

  • 18 May 2018
  • 1 reply
  • 217 views

Userlevel 7
Badge +54
18th May, 2018, By Catalin Cimpanu
 


 
DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.
 
The company admitted to the attacks after several users reported on Twitter about finding DrayTek routers with DNS settings changed and pointing to an unknown server located at 38.134.121.95.
 
Full Article.

1 reply

Userlevel 7
Badge +54
23rd May, 2018 By Graham CLULEY
 
The manufacturer advises that an indicator that your router may have been compromised is if its DNS settings have been configured to use a known rogue DNS server at 38.134.121.95.
 
Instead your DNS settings should be either blank, set to the DNS server addresses from your ISP, or a well-known DNS server such as the one run by Google at 8.8.8.8
 


 
Full Article.

Reply