Mar 25, 2025 • GreyNoise Blog
Amid Reports of Worldwide Reboots, GreyNoise Observes In-the-Wild Activity Against DrayTek Routers
Executive Summary
GreyNoise has identified active exploitation attempts targeting DrayTek routers utilizing multiple known vulnerabilities, specifically CVE-2020-8515, CVE-2021-20123, and CVE-2021-20124. This activity correlates with reports of worldwide device reboots, indicating a potentially widespread campaign affecting network infrastructure. While no specific threat actor or malware family is explicitly attributed in this report, the exploitation of public-facing network devices poses a significant risk to organizational security perimeters. Attackers leveraging these flaws could gain unauthorized access, manipulate traffic, or disrupt services. Organizations utilizing DrayTek equipment are urged to immediately verify patch levels and apply available firmware updates to mitigate these risks. Network monitoring should be enhanced to detect anomalous traffic patterns associated with these CVEs. Prompt remediation is essential to prevent potential compromise of critical network boundaries and ensure continuity of operations amidst this observed in-the-wild activity.
Summary
GreyNoise is bringing awareness to in-the-wild activity against several known vulnerabilities (CVE-2020-8515, CVE-2021-20123, and CVE-2021-20124) in DrayTek devices.
Linked Entities
- CVE-2020-8515
- CVE-2021-20123
- CVE-2021-20124