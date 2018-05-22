Network equipment vendor Draytek has said several of its wireless routers are vulnerable to exploits allowing hackers to remotely change the device's DNS and DHCP settings and potentially steal personal data to hijack web traffic.

According to a security advisory put out by the company, earlier this month it became aware of new attacks against web-enabled devices, which includes DrayTek routers. It said the recent attacks have attempted to change DNS settings of routers.

It warned that users should check their device's DNS settings, these should either be blank, set to the correct DNS server addresses from their ISP or DNS server addresses of a server which the users have deliberately set. It added that a known rogue DNS server is 38.134.121.95 – “if you see that, your router has been changed,” said the firm.

“In some circumstances, it may be possible for an attacker to intercept or create an administration session and change settings on your router. The reports appear to show that DNS settings are being altered. Specific improvements have been identified as necessary to combat this and we are in the process of producing and issuing new firmware. You should install that as soon as possible,” said Draytek in a statement to the press.

“Until you have the new firmware installed, you should check your router's DNS settings on your router and correct them if changed (or restore from a config backup). We also recommend only using secured (TLS1.2) connections for web admin (for local and remote admin) and disable remote admin unless needed, or until firmware is updated. The list of updated firmware versions is as follows.”

The company has release further details on the flaws and how to resolve the problem – the details can be found here and here. Dreytek added that its wireless access points (VigorAP series), switches (VigorSwitch series) and the Vigor 2950, 2955, 2960, 3900 and 3300 series routers are not affected and do not need updating.

