DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

PSA: Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

04 Aug 2022 15:41 #101546 by keithop
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html

Summary
The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under CVE-2022-32548 affecting multiple DrayTek routers. The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources. All the affected models have a patched firmware available for download on the vendor’s website.


worth a read and making sure our patches are all up to date!

04 Aug 2022 19:27 #101548 by desquinn
conversation from earlier here :) - https://forum.draytek.co.uk/viewtopic.php?t=24720

BT firmwares for all our devices as well.

Des Quinn
