DrayTek points out an important firmware update that closes a security hole.
The problem is that it may be possible to intercept or start an administrator session and then change configurations on the router. According to own statements DrayTek got information about cases where changed DNS settings were reported. So you should install the new firmware in any case.
DrayTek has already fixed the bug with version 3.8.8.2, since a few days the version 3.8.9 is available. DrayTek also recommends to use only secure (TLS1.2) connections for web administration (for local and remote administration) and to disable remote access, if this is not required or until the firmware is updated.
New firmware is available for the following routers:
- Vigor2120
- Vigor2133
- Vigor2760Delight
- Vigor2762
- Vigor2830nv2
- Vigor2830
- Vigor2850
- Vigor2832
- Vigor2860
- Vigor2862
- Vigor2862B
- Vigor2912
- Vigor2925
- Vigor2920
- Vigor2926
- Vigor2952
- Vigor3200
- Vigor3220
- VigorBX2000
If your model is present, you should immediately download and install the new firmware here. As you know, security always comes first.