Full Statement from DrayTek
“We have become aware of security reports with DrayTek routers related to the security of web administration when managing DrayTek routers.
In some circumstances, it may be possible for an attacker to intercept or create an administration session and change settings on your router. The reports appear to show that DNS settings are being altered. Specific improvements have been identified as necessary to combat this and we are in the process of producing and issuing new firmware. You should install that as soon as possible.
Until you have the new firmware installed, you should check your router’s DNS settings on your router and correct them if changed (or restore from a config backup).”
DrayTek have released firmware updates for the following models:
DrayTek 2760 (version 220.127.116.11 BT) – download here
DrayTek 2860 (version 3.8.8 BT) – download here
DrayTek 2862 (version 18.104.22.168 BT) – download here
When installing an update, ensure you use the .all file version to prevent a loss of router configuration. It is important you do NOT use the .rst file.
For assistance, contact Onecom on 03333 445 501 – select option 3, then option 1.