Unexus - Notice history

Internet providers worldwide have been hit by attacks in recent days that cause vulnerable DrayTek routers to reboot. "We have received several reports of unstable KPN connections in combination with Draytek hardware. After contacting KPN and the Dutch Draytek supplier, we can report the following: Worldwide abuse is being made on DrayTek routers with outdated firmware, which can cause the routers to reboot," reports internet company IP One.

Internet Diensten Texel also gives this message. "The various connections that have failed are causing a lot of pressure on our helpdesk. In order to help everyone as quickly as possible, we unfortunately cannot speak to you by phone", the company further states. "We currently only see it happening with the Draytek 2133 and not the other models, but the problem can occur with other types", says internet company Weserve.

"Some customers are experiencing problems with their routers rebooting. This is related to vulnerabilities that were reported and patched in early 2024," DrayTek importer Xpert Data reports. The problem concerns a large number of models. In addition to Dutch internet providers, foreign ISPs are also reporting problems. DrayTek itself speaks of a vulnerability, but not of active abuse. The manufacturer advises disabling the remote access and SSL VPN options for unpatched routers. In addition, it is recommended to purchase a new model in the case of 'too old' routers.

Unexus is currently investigating how we can mitigate these problems as soon as possible.

Multiple customers are experiencing issues logging into clients. We are investigating the disruptions and will report back as soon as we have an update.

The cause is known and it is expected that this problem will be resolved soon.