Several DrayTek network devices have encountered a severe security vulnerability, causing abnormal Internet connection disruptions for both personal and business users in Vietnam.

Many Internet users in Vietnam, including those using FPT, VNPT, and Viettel services, reported experiencing WAN disconnection issues, lack of IP assignment, and interrupted Internet access starting from the morning of March 23.

The affected devices include DrayTek routers such as the Vigor 3960/2962/2925, 2865/2866 series, and several other models. Businesses relying on these routers also faced similar problems.

Impact on users and businesses

The incident has significantly affected users, disrupting their work and business operations.

N.H., the owner of an Internet service café in Thu Duc, Ho Chi Minh City, stated that his café uses the Vigor 2925 router. Since the morning of March 23, the network has been intermittently unstable despite multiple device restarts.

After researching online, he discovered that many others were experiencing the same problem. Following technical support instructions, the system eventually stabilized.

Another user, T.N., who has used the DrayTek Vigor 2925 for over five years in Ho Chi Minh City, reported that his IP camera repeatedly lost connection starting on March 23.

Accessing the DrayTek management page showed that the uptime reset to zero every five minutes, with the longest duration being just about an hour.

Security vulnerabilities identified

In response to user complaints, An Phat, the official distributor of DrayTek in Vietnam, issued a notice regarding the issue. According to the distributor, this is a critical security vulnerability identified as CVE-2024-51138, CVE-2024-51139, CVE-2024-41335, CVE-2024-41336, and CVE-2024-41339.

These vulnerabilities allow hackers to perform remote intrusions, gain unauthorized access to internal networks, execute malicious code, and take control of affected devices.

To address the issue, DrayTek has released a new firmware update to patch the vulnerabilities. Individual and business users are advised to check their current firmware version and promptly upgrade to the latest version available on the official DrayTek website or seek technical support for assistance.

The distributor also recommends that customers avoid accessing the router's management interface from the Internet unless necessary. Users should set strong administrator passwords and enable two-factor authentication (if available).

Additionally, they should monitor system alerts and notifications from the manufacturer for any updates or security warnings.

Le My