Home > About > Security Advisory >

Unexpected Router Disconnections and Reboots

Number: DSA-2025-003
2025-03-28

DrayTek would like to address a recent issue reported regarding DrayTek routers unexpectedly disconnecting from the Internet. These issues have been linked to intermittent connection drops, where some routers appear to lose connection, go up and down, and disrupt service. These disconnections were mainly observed in older models or devices running outdated firmware versions.

At DrayTek, we take these reports seriously and have been actively investigating the situation. Our investigation has determined that DrayTek Routers were targeted to repeated, suspicious, and potentially malicious TCP connection attempts originating from IP addresses with known bad reputations. These attempts could trigger the router to reboot in unpatched devices if those devices have SSL VPN Enabled, or Remote Management enabled without the protection of an Access Control List (ACL). If an ACL is enabled, but SSL VPN is also enabled then the ACL is not able to prevent the issue from occurring.

Our investigations indicate that firmware updates from around 2020 effectively patched this issue, and this is the first confirmed instance of an exploit being used in the wild. The issue is primarily affecting older models or devices that have not been updated for several years.

Our products are engineered for exceptional stability and longevity, which is why many EOL models, frequently over a decade old, remain in use worldwide. The issue has been linked to intermittent disconnections of these devices, many of which were set up years ago and have not been updated since, and is related to SSL VPN and HTTP/HTTPS remote management exposed on the WAN interface.

It is best practice to disable unused services and devices configured with SSL VPN and Web Management disabled have been unaffected.

Below is summary of devices which are affected but already have firmware available:

Model Firmware Version Fixed since
Vigor 2120 3.8.17 or later 2025/06/10
Vigor 2133 3.9.9.3 or later 2025/06/18
Vigor 2620Ln 3.8.14 or later 2020/02/10
Vigor 2762 Series 3.9.9.3 or later 2025/06/18
Vigor 2832 Series 3.9.9.3 or later 2025/06/18
VigorBX 2000 3.9.1 or later 2020/01/09
Vigor 2912 3.8.11 or later 2020/03/18
Vigor 2925 Series 3.8.9.7 or later 2020/01/24
Vigor 2926 Series 3.9.3 or later 2020/03/23
Vigor 2952 3.9.4 or later 2020/06/26
Vigor 3220 3.9.4 or later 2020/09/04

The below is a summary of some of affected models where no patch exists

Model Firmware Version
Vigor 130 All
Vigor 2110 All
Vigor 2710 All
Vigor 2760 All
Vigor 2820 All
Vigor 2830 All
Vigor 2830v2 All
Vigor 2850 All
Vigor 2920 All

Newer models not listed above are not affected.

Action Required

  • If you have not already done disable remote management and SSL VPN Service for devices which are affected.
  • If you have not already upgraded, update your firmware immediately. Before doing the upgrade, take a backup of your current config in case you need to restore it later System Maintenance > Config Backup. Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware, then please check the release notes carefully for any upgrading instructions.
  • We recommend the following troubleshooting steps for devices experiencing issues:
    1. Disconnect the WAN cable and log into the router’s Web UI to check the system uptime. If the uptime is lower than the last known reboot, this indicates the router has recently restarted.
    2. Disable Remote Management and SSL VPN Service from the respective settings menus.
    3. Reboot the router and reconnect the WAN cable.
    4. Monitor the connection to see if the WAN remains stable.
  • Where remote management to remain enabled, it has been found that disabling the SSL VPN Service and enabling an Access Control List (ACL) can act as a workaround.

Product Lifecycle and Recommendations

DrayTek understands the importance of maintaining the reliability and security of your network. Many older models, especially those reaching the end of their product lifecycle, may face challenges in keeping up with modern security standards and performance demands. While we have been able to provide guidance on how to mitigate against the issue, as part of our commitment to your continued satisfaction, we advise considering the replacement of any EOL models.

Contact Technical Support

If you have any security-related queries, please reach out to us via the contact form to connect with our technical team.