Broadband ISPs Report UK Problems with Vulnerable DrayTek Routers UPDATE6
A number of broadband ISPs from across the United Kingdom (and possibly other countries too), such as ICUK and Andrews & Arnold (AAISP), have this weekend noticed an unusual increase in internet disconnections among customers who have DrayTek routers at home or in the office. The issue seems to be caused by a “router vulnerability“.
Regular readers will know that DrayTek has been in the news a few times recently due to security vulnerabilities (here and here), although at this stage it’s not 100% clear if the latest event is due to one of those (i.e. an existing vulnerability that some customers have neglected to patch) or a newer exploit. But it appears to be the former.
According to A&A, the issue of related broadband lines dropping and then reconnecting seems to have started at around 9:28pm on Saturday (22nd March 2025) and ran until this morning. Several other ISPs observed the same activity (examples here and here) and the providers soon started linking it to a small number of users with DrayTek routers. The issue impacted both broadband connections and leased lines.
Advertisement
A&A Status Update @ Mar 23, 10:27AM
A problem with Draytek routers meant many around the country (or world?) had problems staying connected from 21:30PM on Saturday evening. We expect a software upgrade to resolve the problem and strongly suggest customers with Draytek routers upgrade their software or try a different make of router. We have sent SMS/Emails to many of the affected customers pointing them to this status post. We have also emailed Draytek for comment.
ICUK Status Update @ Mar 23, 9:55AM
Since 21:30 yesterday evening we have witnessed an unusually high volume of session drops, primarily impacting BT Wholesale and [PXC] broadband sessions. The cause has been narrowed down to vulnerable firmware versions on Draytek routers.
If you are seeing broadband circuits exhibiting repeat short sessions, please upgrade the firmware to the latest version.
Likewise, if you are also using Draytek routers to support any Leased Lines, please also review the firmware version before undertaking any further trouble shooting.
Suffice to say, it’s quite telling that the title of ICUK’s status update is “Draytek Router Vulnerability“.
UPDATE 24th March 2025 @ 7:28am
Some providers are still reporting problems with DrayTek routers. For example, we spotted an interesting update from business ISP Gamma at 7:40pm last night, which indicates that the “issues seemed to commence following a firmware update rolled out by them“. The update doesn’t mention DrayTek by name, but the experiences match.
Gamma Status Update – Issued 23/03 19:40
Following on from the previous update all testing and data supports this being a CPE issue causing connectivity issues.
Our findings and commonalities point the issue to customers using one make of CPE equipment as described via public communication available online and as raised by other ISPs. Although no direct comments from the third party at this time, issues seemed to commence following a firmware update rolled out by them circa 9:30pm last night.
Gamma have worked with our network hardware vendor to see if a solution/mitigation is viable. This has not been possible due to the issue being outside of our equipment.
Thank you for your patience as we have investigated the root cause on this issue.
Whilst the incident remains with a third party device and is not an active Gamma incident we will continue to monitor the situation tomorrow as we see traffic demand rise and then provide a further update at 9AM.
We are hoping to get a response from DrayTek today, which may help to shed some light on precisely what has occurred.
Advertisement
UPDATE 24th March 2025 @ 9:57am
A&A has posted an additional update, which states that the problem “seems to be triggered by some sort of ‘attack’ against Draytek routers which have vulnerable software“. The provider has not yet been able to get a response from DrayTek, but they propose three possible solutions (indications suggest that no.1 won’t work for everybody).
A&A’s Proposed Solutions
Possible fix #1: We expect a software upgrade to resolve the problem and strongly suggest customers with Draytek routers upgrade their software or try a different make of router.
Possible fix #2: If software upgrade does not help, then make sure remote access to the router is disabled, and any VPN service is disabled – especially the sslvpn and ssh vpn. (In GUI go to: VPN and Remote Access > Remote access control)
Last resort fix #3: Replace the router with a different model (at least temporarily).
UPDATE 24th March 2025 @ 10:09am
Elsewhere, we’re hearing about similar issues occurring in Vietnam. According to a local distributor for the routers, An Phat, this is being caused by attacks that harness the previously reported critical security vulnerabilities including CVE-2024-51138, CVE-2024-51139, CVE-2024-41335, CVE-2024-41336, and CVE-2024-41339. But in the UK, we’ve also seen some patched DrayTek kit continuing to suffer. Hopefully DrayTek will issue a statement.
Advertisement
UPDATE 24th March 2025 @ 12:14pm
For some context. Zen Internet, which is home to a little under 200,000 broadband customers, has seen about 1,000 connections being impacted by this problem. Just to be clear, in most cases the DrayTek routers being impacted have not been supplied by ISPs, but are usually third-party purchases by customers themselves. Due to this, the ISP can only do so much to help impacted users address the problem.
UPDATE 24th March 2025 @ 2:30pm
We’ve had an official response from DrayTek, but it seems to avoid commenting on the specific cause of the issue itself and simply provides a bunch of tips.
DrayTek Statement
We have received reports of DrayTek routers disconnecting unexpectedly.
If you are experiencing this issue, please follow the steps below to troubleshoot:
- Disconnect the WAN cable.
- Log into the router’s Web UI and check the system uptime. If the uptime is lower than the last known reboot, this indicates the router recently restarted.
- Disable Remote Management by going to [System Maintenance] > [Remote Management].
- Disable SSL VPN Service by going to [VPN and Remote Access] > [Remote Access Control].
- Reboot the router and reconnect the WAN cable.
- Monitor the connection to see if the WAN remains stable.
Firmware check and update:
- Verify your router’s firmware version. If it is outdated, update it to the latest version.
- Before updating, note your current firmware version. If you do not have a copy of the current firmware, download it first.
- Take a configuration backup to avoid losing your settings.
If your WAN connection is stable:
- Even if your device is not disconnecting, it is good practice to ensure you are on the latest firmware.
- If your router is already on recent firmware and the newest version is not marked as Critical, an update may not be urgent but is still recommended for optimal performance and security.
UPDATE 28th March 2025
DrayTek has kindly issued a final report on the situation, which provides more information.
Security Advisory: DrayTek Routers Affected by Unexpected Disconnections and Reboots, Impacting Older Models
At DrayTek, we always prioritize the security and reliability of our customers’ networks. We are actively addressing a recent issue affecting some of our routers that has led to unexpected Internet disconnections and router reboots. This problem, which has been identified by several Internet Service Providers (ISPs), primarily impacts older DrayTek router models and those running outdated firmware.
Cause and Investigation
At DrayTek, we take these reports seriously and have been actively investigating the situation. Our investigation has determined that DrayTek Routers were targeted with repeated, suspicious, and potentially malicious TCP connection attempts originating from IP addresses with known bad reputations. These attempts could trigger the router to reboot in unpatched devices if those devices have SSL VPN Enabled, or Remote Management enabled without the protection of an Access Control List (ACL). If an ACL is enabled, but SSL VPN is also enabled then the ACL is not able to prevent the issue from occurring.Our investigations indicate that firmware updates from around 2020 effectively patched this issue, and this is the first confirmed instance of an exploit being used in the wild. The issue is primarily affecting older models or devices that have not been updated for several years.
Older Models Affected
The issue predominantly affects older DrayTek router models, some of which have been in use for over a decade without firmware updates and with default services remaining enabled. Routers configured with SSL VPN and Web Management exposed on the WAN interface are particularly at risk. However, routers that have these services disabled have not been affected.Firmware Updates Available for Some Models
Below is summary of devices which are affected but already have firmware available. However, in all cases we would recommend users are on the latest firmware because there have been other critical updates published.
- Vigor 2620Ln: Firmware 3.8.14 or later (Feb 2020)
- Vigor 2762 Series: Firmware 3.9.4 or later (Sept 2020)
- Vigor 2832 Series: Firmware 3.9.4 or later (Aug 2020)
- Vigor 2860 Series: Firmware 3.8.9.7 or later (Dec 2019)
- Vigor 2862 Series: Firmware 3.9.3 or later (Apr 2020)
- Vigor 2925 Series: Firmware 3.8.9.7 or later (Jan 2020)
- Vigor 2926 Series: Firmware 3.9.3 or later (Mar 2020)
- Vigor 2952: Firmware 3.9.4 or later (Jun 2020)
- Vigor 3220: Firmware 3.9.4 or later (Sept 2020)
However, several older models, such as the Vigor 2110, 2710, and others, do not currently have a firmware patch available.
Action Required for Affected Devices
We urge users of affected older models to take immediate action to ensure the continued stability of their networks. Here are the recommended steps if unable to access the devices:
- Disconnect the WAN cable, log into the router’s Web UI, and check the system uptime.
- If the uptime shows a recent reboot, disable Remote Management and SSL VPN.
- Reboot the router and reconnect the WAN cable.
- Monitor the connection for stability.
For users who still need remote management, enable an Access Control List (ACL) and disable SSL VPN.
Product Lifecycle and Recommendations
Many of the affected models are reaching the end of their product lifecycle. At DrayTek, we understand the importance of keeping your network secure. While we continue to provide guidance on mitigating the current issue, we recommend users with End of Life (EOL) models consider upgrading to newer models. Newer devices offer updated security features and improved performance. For assistance with upgrading, visit our EOL Product Equivalents page.
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.
« Broadband Operators in the UK Watch Nervously as DZS Falls Over
Advertisement
Leave a Reply
Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your entries for comment content, display name, IP and email in our database, for as long as the post remains live.
Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.
Interesting – I had my DrayTek 2766 disconnect briefly at 3am last night on A&A (Openreach), but I believe that was planned, due to LNS upgrades within their network. Needless to say, I’m running my router’s latest firmware, so all should be well, and indeed it’s been fine all day. The DrayTek is fairly young, but will eventually get replaced with a Teltonika RUTM if fibre ever arrives in this forgotten corner of a city of 130,000 people…
I have a Draytek 2866 and have had no drops since I connected it to the recently installed Plusnet fibre about 3 weeks ago (upgraded from Plusnet VDSL2). I did note a Draytek firmware update issued about 10 days ago and have duly updated it this evening. The 2866 works fine with the Openreach OMT via WAN port2 and provides the rated speed on test via the Think Broadband speed test.
Interest choice to announce you’re replacing a Draytek with a hardened industrial router with copper gigabit ports only for FTTP however if the environment is so hostile industrial kit intended for factory floors is necessary that might explain why the FTTP rollout is slow.
@Peter J – yes, the Draytek will work on FTTP via the ethernet WAN port, but having used Teltonika at work, I really like their firmware (OpenWRT based) and capabilities, and it’s a really neat little machine, properly rugged and nicely built. I’ll keep the Draytek as a spare/test router for a while.
@Polish Poler – it’s not that bad, lolz! See explanation above 🙂
Could the drops be down to end users updating their firmware over the weekend?
I know I wouldn’t want to be taking my connection down on a weekday.
I don’t think so, my brother is affected by the problem (which happened at the same time it seems to have occurred for others) and he definitely hadn’t upgraded his firmware. He mentioned the most recent firmware for his router is from early January so it seems unlikely others were upgrading at the same time.
It will be interesting to see the cause if it’s found.
No. Most people don’t care about taking the connection down briefly as long as it’s not in use.
There’s also that some party/parties were trying to compromise the routers and were doing it with a brute force attack on either the entire IPv4 address space or the bits in public use.
My 2760 has been down all day. I can get it to sync and connect and then it reboots. There aren’t any firmware updates available for me so whatever is going on, I don’t have a fix for it apart from to change router to a different make.
I’m in the same boat with a 2760, think it’s time for a new router unfortunately
worth trying this link I’ve resolved my customer problem doing this
Just disable remote management and any ssl services and it will be fine.
This exact issue happened to me! Connection drops every 5/10 mins overnight but it was fine when I put the Plusnet hub in. Time to invest in a different brand of router I think
My 2860 is functioning ok, updated to the latest fw when the alert first came out.
I have noticed in the past drops around 02:00 – 03:00, usually when the router has been up for a long time, typically over 10 days/
I assumed this was the dslam reconfiguring the line, which is 1500m in length,(over the 1000m length mentioned in the Huwei dslam documentation)
My 2866Vac with 4.4.6_BT using A&A over OR fibre has not had any breaks this weekend. Not remotely managed.
Thanks for the heads up on the upgrade – now done 18:30 24/03/25. Before upgrade I had no breaks in service for nearly 10 days (and that was to update to 4.4.6). VPN’s were disabled after the last Draytek problem highlighted on ISPreview. I note that the 4.4.6.1 build is dated March 5th or thereabouts which is before the problems noted here.
I received a call from a commercial customer today (Sunday) reporting that their internet was down.
Upon arrival, I inspected the rack setup: BT Fiber → Cisco 4321 Router → DrayTek Vigor2860 (WAN side).
I connected my PC to the LAN side of the DrayTek and noticed that my port was flapping every 10 seconds. Unplugging and reconnecting the routers didn’t resolve the issue.
Next, I used a Fluke meter to test the Cat6 cable from the Cisco router. The only address it pulled was IPv6—no IPv4.
I then removed the DrayTek and placed it on a test bench. When I connected it to a Virgin Media ISP, it failed to work. A factory reset and firmware update to v2860_3984_BT_576D17 got the router working. Testing with a bench Cisco 4321 router connected to Virgin Media confirmed everything functioned correctly.
However, when I returned to the customer’s site and reinstalled the DrayTek, the issue reappeared, despite coming directly from a working testbed. I checked all the usual cables—still nothing.
In my opinion, a software patch has been pushed somewhere, and unfortunately, the DrayTek is paying the price.
Mine been up and down since 9.30 last night, now upgraded Firmware to latest and seems to be stable again…
Similar update on the Aquiss WhatsApp support channel:
Draytek Router Issues
Since 21:30 yesterday we have seen a sudden drop in PPP sessions, resulting in short sessions. All cases so far seem to be linked to customers using Draytek routers.
We believe this is linked to firmware issues or Vulnerable Draytek’s that have not been patched with known security issues.
Update: We need to be clear, this issue is not related to Aquiss or Openreach. Service Providers across the UK are reporting the same.
If possible, we recommend updating the firmware on routers. Supporting this process is outside the support framework of Aquiss.
I’ve been having trouble with a 2830Vn restarting at roughly 5 minute intervals. Unfortunately as that model’s obsolete there are no further firmware updates so probably time to bin it and move on.
Try a Teltonika – very nice little rugged ‘industrial’ routers, with custom OpenWRT-based firmware and regular updates. A huge range of models, with or without Wi-Fi and SIM slots for 4G backup. If you need DSL, you’ll be stuck, but for pure ethernet setups they are great. Designed and built in Europe.
Comments from ISP Andrews and Arnold – :
“It’s a bit early to tell for sure… but it looks like the ‘attack’ against Draytek rotuers may have stopped at 19:11 Sunday evening… Time will tell. Customers should still upgrade the ‘attack’ could start up at any time… (Another ISP is reporting the same.)
….and from 19:34 it’s started up again, and Draytek routers are being knocked offline again…”
So it may be someone is attacking a hole in the draytek and updating the firmware is the fix.
If you have any Draytek’s that are EOL & not able to be patched.
As a temporary measure disable the SSL VPN this will stop the spurious reboots for now. But ultimately replace those EOL DRaytek’s
Legend! This has worked as a workaround for a number of our clients
Super helpful.
Massive Kudos to you!
I’ve got a 2762 connected via ethernet on the WAN port. Been patched with the latest f/ware, 2.9.9.2, since January. So far, no problems.
That’s 3.9.9.2
What’s happened to Draytek? I once loved their kit, but they fell by the way side on supporting new technology on hardware side so I went to buy other kit some years ago. They used to be good on the software side, but this seems to have slipped now.
You must be delusional, they was never good.
No you are wrong. Admittedly it was years ago, but they had sip phone support and vlan support for home use that all the other routers in that market didn’t. This was ADSL days. Not deluded at all. At the time they were good.
Yeah, I work for a small reseller and have seen 10 customers with short PPP sessions all dropping since 21:30 on the nose on 22/03.
It seems the Draytek website is actually down at the moment as well, which makes it a bit tricky to check firmware versions!
Wonder if it’s just overloaded from people doing the same, or whether the site is under attack as well…
It’s hitting us at Zen, too. We’ve got a constant queue on the go at the minute and all we can do now is advise customers update the firmware in their Draytek routers.
Wow, Both Draytek.com and draytek.co.uk completely down so leaving it impossible to grab hold of firmware updates via an alternative connection to fix the many broken connections at present.
Are Darytek planning to make Firmware updates available from other sources???
Catch22 for those with no internet access other than their Drayteks
If you keep hammering the retry you can get in eventually to pull the firmware.
We have also had a few customers hit with this today. still trying to apply firmware on some.
Thanks to eveyone that has posted here its been helpful to us this morning.
@Ich Draytek’s site was up 8 am. Didn’t look to me as though there were any new releases over the weekend but I was only really looking at my own router, of course.
Draytek website down so can’t download Firmware update what a nightmare
For which models are you looking for the firmware?
Anyone found another source for Firmwares with Draytek being down?
Thanks
Jordan – FibreConnect
We managed to grab some of the latest firmware versions this morning when their website was briefly online, what router model/s do you need?
The latest firmware for Draytek 2866ac, 2866Lac and 2866Vac (urgent update) and 2866 and 2866ax (less urgent) is 4.4.6.1_BT in the UK. I was able to download this version yesterday evening but I note that the Draytek website has been down for the last couple of hours so the download is not currently accessible.
https://fw.draytek.com.tw
ok at 11:30
Draytek HQ FTP site (in Taiwan) is still working:
https://fw.draytek.com.tw/
For a quick fix if you’re unable to upgrade the firmware. I managed to access the router remotely (none of the menu loaded) so use the web console and enter:
vpn remote SSLVPN off
sys reboot
—
The router should then stop rebooting. You may have to be patient and quick at executing the commands due to the router constantly rebooting.
From speaking to colleagues, seems that Draytek have a solution which is being currently being deployed
We have mangaged firmware downloads, so they are also available here https://telephonesystems.cloud/troubleshooting/draytek-router-issue/
Draytek’s .com site is down but their AU site is up – rescued me!
https://www.draytek.com.au/support/downloads/
My vigor 2760 did the same thing on saturday at 9.25pm, i thought it was the firmware, and I spent the most of sunday morning trying to fix it, but gave up and ordered a new one. Now I found its a vulnerability issue. They havent updated the firmware it was still dated from 2022.
I would suspect that is because the 2760 is EoL and out of support. My 2762 is now going on 7 years old so the 2760 is presumably closer to 10 years. To their credit, Draytek did provide an update for the 2762 back in January but it was one of the last to get updated and is clearly well down the priority list. I would not be surprised if support stops in the near future.
Same issues seen by us, you can download firmware from the link below whilst Draytek sort out the UK and other website issues, I presume they are using the technology they sell!
https://www.draytek.com.au/support/downloads/
Does anyone know if the new firmware fixes the 2860? Ive disabled the VPN services and the issue still happens.
I have not experienced any issues, yet. The VPN services were never used, and the latest software installed in January.
I’ve upgraded to the latest firmware for the 2860 and we haven’t experienced another disconnection yet (30 minutes)
Disconnect the WAN then run your firmware upgrade because of the constant restarts, I used v3 for to have the same modem codes. Firmware upgrade -> preview.
hi all
we are seeing issues with 2862n
you have to upgrade to a newer version.
the only problem is the firmware site is down.
We have an older Draytek (2830 V2) that is doing this. I’ve ordered a newer model via Amazon but would rather not have the cost. There is no new firmware. Any ideas? This is running our SIP lines so phones are down. We have a FTTP too, but wanted to keep both for backup.
@Kate
Have you disabled SSL VPN and unchecked “Allow Management from the Internet”?
This website has instructions for the V2865, which is the same menu options as per the V2860:
https://telephonesystems.cloud/troubleshooting/draytek-router-issue/
Heres a link to a mirror of thier sites that is up https://fw.draytek.com.tw/
This is one of the reasons i use a software router, because it’s open sourced and updated regularly. I know some ISPs like to be proactive and do fix things, but some others don’t and I can recall that at least two different UK ISPs when I had DSL never updated the router software even once because the firmware versions never changed. Many (most?) internet users won’t be inclined to check either
@Mark
Zen used to offer DrayTek routers as an upgrade for business customers.
Which might well explain why 0.5% of their connections are affected.
I used to work for a Zen reseller; Zen were regularly pushing us to offer them as a chargeable upgrade back then.
So the usual opaque announcement from Draytek.
This is exactly what they did before with the WPA2 vuln. Just said “we’ve fixed it”. Never gave any more info (unlike almost every other manufacturer with the issue).
They went onto my “do not buy/use/recommend” list at that point. As someone else said, their kit’s been pants for a long time.
Compare and contrast with Cloudflare, who give the most detailed RCA for every issue they have and full details of the actions they’ve taken to avoid it happening again (hopefully….) Usually fat-fingers these days :-).
Of course, to be fair, the downside of that is that publishing the details tells every hacker that doesn’t already know exactly what was vulnerable, leaving them to attack all the units that have not yet been patched.
The practice of not publishing a lot of detail is now quite wide-spread in the industry. It’s why you don’t get detailed error messages anymore. You just something stupid like “Oops something went wrong!…”.
@DaveZ: It depends. The WPA2 vuln (if I remember) was a vuln in the protocol itself, with a range of mitigations possible. Some were more effective than others, and to my mind it was critical to know what mitigation(s) a supplier had chosen to use to determine what, if any, mitigations elsewhere might be needed – and indeed if the claim to mitigate was valid.
Also, unfortunately, Draytek have form for very inadequate security by design. I came across at least one device that presented the web management logon screen on every interface. It was only when access was attempted that the IP/interface access list was enforced. And again, IIRC, you couldn’t prevent that by firewall rules either. Binned the lot of them as this was at an IT security consultancy. I’ve also raged against a DHCP server that refused to serve more than 253 addresses, even if it was running on an interface that was configured with a netmask smaller than 24. Both are rookie-level stuff, inexcusable on a “security” device, where’s the QC?
draytek.co.uk started responding but it now has a barracuda proxy protecting it. I’m being blocked from accessing it.
You have been blocked
You are unable to access this website
Why have I been blocked?
This website is using a security service to protect itself from online attacks. The action you just performed triggered this service. There are several actions that could result in being blocked including submitting a certain word or phrase, a SQL command or malformed data.
How can I resolve this?
You can email the site owner to let them know you were blocked. Please include what you were doing when this page occurred and the event ID found at the bottom of the page.
© 2025 Barracuda Networks, Inc. All rights reserved.
Yep, same here.
A right shambles all round.
Using a 3912 router, no problems at all, up and running for over 10 days on EE 1.6gb service
Always use Draytek and never had a problem with any of the kit, but as always kit needs to be up to date
At the end of the day there is probably no more vulnerabilities than any other router
There is no attacks every day, its hard for any manufacture to keep up to date, when they don’t know what the attack is going to be
Disable Remote Management by going to [System Maintenance] > [Remote Management].
Disable SSL VPN Service by going to [VPN and Remote Access] > [Remote Access Control].
Does that mean that they are worried about VPN security and remote access?
Based on previous experience with this PoS, almost certainly.
Hi We are a radio station (Spirit Radio) based in Ireland. We too are experiencing the exact same problems, and yes we are using a Draytek router. The problem was first notified to us yesterday morning (Monday 24 March 25)
We are a large builders merchant in Edinburgh and have our phones and business computer system intermittently disconnecting therefor unable to trade either on the phone or put orders on. Does anyone know of a ‘laymans’ term fix for this as none of us are qualified IT professionals.
@Grant – You need to log into the web interface for the Draytek device and disable the SSL VPN feature as per their official advice. It depends how yours has been configured but by default it will be accessible at http://192.168.1.1/ (connecting from inside your network) and the username and password are both admin but I suspect someone may have set a different IP address and/or password.
If you can get in, you need to navigate to VPN and Remote Access >> Remote Access Control Setup from the menu on the left and then untick “Enable SSL VPN Service” (assuming your company doesn’t use this feature). Ideally you want to disconnect it from the internet while you do this to stop it rebooting the process but without knowing your device or configuration I can’t say for sure how. If you have anything plugged into ports labelled WAN or DSL that would be a good bet.
Also, if you can get into the web interface you should probably look to upgrade the firmware as well. You just need to find the model on the Draytek website Downloads section and download the relevant ZIP file and extract the .all file. In the web interface, navigate to System Maintenance >> Firmware Upgrade from the menu and there’s an option there to upload the firmware from your computer and apply it to the device.
Good luck!
We have suffered from this issue too – Install a new router, we have used BT Business Hub 2 and are back in business.
I write from Italy, and i’ve the same issue today. I solved it by whitelisting my IP address from the access list from internet. If you don’t need access to the firewall from anywhere, I think it’s the best solution
The latest firmware for my 2860 applied yesterday PM (24th March) fixed the problem for us.
We have had to factory reset the router which had allowed update but now now phonelines or WiFi can anyone give advice
Our recently new already patched draytek router got hit today and rebooted, so this is still ongoing and there is clearly still a vunerability in SSL VPN even when patched. Draytek should be all over this and shockingly quiet.
We are continuing to see customers getting hit.
Hi Juliet, I am seeing this also on our Draytek estate variety of patched routers.
2762, 2766, 2763.
All rebooted at 0350 AM. This is still ongoing, agree it looks like SSL VPN vulnerability.
Also updated routers and still seeing issues on old 2860’s.
posting on here really helped as the uncheck of the SSL entry on VPN access control worked. i emailed UK Draytek tech support on the sunday it first happened and tbf got a reply same day .they are wrong though saying its pre 2020 firmware as we have had 2865 and 2766 do the same both on 5g external routers going into the Ethernet WAN ports and both did the same thing. these weren’t even released then.