Latest News & Blog

Draytek DNS injection

Draytek router security advisory: CSRF & DNS Attacks

Friday 18 May, 2018

News

Today, we became aware of new attacks against DrayTek routers. The recent attacks have attempted to change DNS settings of routers. 

Its interesting to see how attackers continue to use the DNS system as a vector for them to effect web systems. This old bit of tech keeps coming unstuck and maybe the only real fix will be when everyone enforces the use of DNSSEC

 

DrayTek are in the process of releasing updated firmware, and will issue each ASAP to address this issue.

You should upgrade as soon as it is available but also immediately follow the advice below:

https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks

 

 

Written By...

Lee Simpson

Software Engineer, Linux Wizard, proud father of 3 boys