Accordingly, many users using DrayTek Vigor 2925/2926/2927 routers belonging to FPT, Viettel and VNPT networks have posted information on Facebook groups saying that they are experiencing loss of WAN connection, no IP, causing interruption of internet access. Notably, many businesses that are currently using this device line as their main router are also seriously affected.

Previously on March 7, cybersecuritynews warned that a series of serious security vulnerabilities in DrayTek Vigor 2925/2926/2927 routers widely deployed in small office/home office (SOHO) environments were discovered, putting the devices at risk of remote code execution (RCE), denial of service (DoS) attacks, and credential theft.

Details of the vulnerabilities include CVE-2024-51138 and CVE-2024-51139, which are buffer overflows and integer overflows in URL handling components, allowing an unauthenticated attacker to execute remote code.

Next are CVE-2024-41335 and CVE-2024-41336, two vulnerabilities in the authentication mechanism, allowing attackers to steal passwords or directly access passwords stored in plain text. Finally, CVE-2024-41339 is a vulnerability in the CGI configuration, allowing the upload of malicious kernel modules to gain administrative (root) rights to affected DrayTek routers.

Router DrayTek Vigor 2925/2926 and 2927 are being used by many Vietnamese users.

Photo: LC

Mr. TN, an FPT user, said he discovered the problem on the morning of March 23. He said: "I have been using DrayTek Vigor 2925 for more than 5 years and have almost never encountered such a problem before. Since early morning, I saw the IP camera in my house continuously reporting a loss of network connection. When I went to the DrayTek administration page, the Uptime section reported that it was disconnected after about 5 minutes and returned to 0, the longest was only about 1 hour."

Talking to a network testing technician, he said that this error occurred on all three networks: FPT, VNPT, Viettel, with suspicions that there was a security hole in the old firmware version of Virgor 2925 and was exploited by hackers. He said that on March 23, technical support had handled many cases of lost connection when using this router, the solution was to install the latest firmware.

The recommended temporary solution for this case is to check the firmware on the Vigor 2925, if you are using v3.8.3, update to v3.8.4 from the official website at http://fw.draytek.com.tw . Next, change the administrator password to a stronger password, do not use the default password.

Source: https://thanhnien.vn/nhieu-bo-dinh-tuyen-draytek-bi-mat-ket-noi-185250324091835776.htm