Today, we became aware of new attacks against DrayTek routers. The recent attacks have attempted to change DNS settings of routers.
Its interesting to see how attackers continue to use the DNS system as a vector for them to effect web systems. This old bit of tech keeps coming unstuck and maybe the only real fix will be when everyone enforces the use of DNSSEC
DrayTek are in the process of releasing updated firmware, and will issue each ASAP to address this issue.
You should upgrade as soon as it is available but also immediately follow the advice below:
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks