DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10.

DrayTek even went out of its way to release a firmware patch for a now-discontinued router model. According to Qihoo, attacks have been observed against DrayTek Vigor 2960, 3900, and 300B.

The basic Vigor 2860 we tested is available online for under £150 (ex. VAT). Existing routers can also have their firmware upgraded to add the wireless management capability for free.

An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network.

Vigor 2866, one of the DrayTek routers affected by the vulnerability. Photo: An Phat Several DrayTek network devices have encountered a severe security vulnerability, causing abnormal Internet ...