DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

ZuoRAT exploit

30 Jun 2022 15:31 #1 by pharcyder
ZuoRAT exploit was created by pharcyder

Please Log in or Create an account to join the conversation.

01 Jul 2022 13:10 #2 by chainsawdude
Replied by chainsawdude on topic Re: ZuoRAT exploit
The reports say that ZuoRAT attacks routers that use the MIPS architecture, including Draytek.

My understanding is that MIPS is dead and no modern device should be using it.
Does anyone know which Draytek models use the MIPS architecture?


02 Jul 2022 01:44 #3 by hornbyp
Replied by hornbyp on topic Re: ZuoRAT exploit
The research 'paper' that describes the exploit appears to be here; it takes some reading though :shock:
(It does mention the Draytek Vigor 3900...)
Malwarebytes have attempted to dissect what it says, but it's still not clear (to me).

(I'm not entirely sure where the 'MIPS' reference has come from though, nor what the current status of MIPS is - it does still seem to be alive-and-kicking)


03 Jul 2022 10:23 #4 by timo_w2s
Replied by timo_w2s on topic Re: ZuoRAT exploit
Thanks for bringing this up as I was wondering what the situation is too. It would be nice to hear Draytek's view on all this.

What are people's views on regularly rebooting routers to help mitigate these attacks? (As I believe the initial malware only sits in the RAM and is lost when rebooted.) Is a reboot from within the control panel enough to remove any potential malware, or should we power down completely first? One of the things I like about my Draytek routers is they can have uptimes of months or years without issues, but maybe I shouldn't be leaving them going that long... :shock: (Normally my routers only get rebooted during firmware upgrades or power cuts.)


03 Jul 2022 17:01 #5 by aimdev
Replied by aimdev on topic Re: ZuoRAT exploit
I informed Draytek UK via email on 29-Jun-2022, and I received a message that it would be passed on to the relevant team.
Included was the link identifying the issue.
They are aware of the issue.


03 Jul 2022 19:50 #6 by chainsawdude
Replied by chainsawdude on topic Re: ZuoRAT exploit
I read somewhere (bleepingcomputer) that ZuoRAT uses known vulnerabilities that have been patched. If so then it could just be a matter of ensuring we are using the latest firmware.
In any case I would like Draytek to say so, but the chances are that Draytek don't have enough information at present. (I don't think the security researchers are 100% certain of the details at this point.)
