DrayTek routers in Vietnam actively attacked causing Internet disruptions
Take action: If you are running DrayTek Vigor routers, time to start patching IMMEDIATELY! The flaws are already being actively exploited. Until you are able to patch immediately, disable remote access unless absolutely necessary, disable both remote access (admin) and SSL VPN and enable 2FA where possible.
Learn More
Attacks on DrayTek network devices have disrupted Internet connections for multiple personal and business users across Vietnam. The attack began on March 23, 2025 and has caused widespread connectivity problems for customers of major Vietnamese internet service providers including FPT, VNPT, and Viettel.
The incident has resulted in WAN disconnections, no IP address assigned, device restarts and instability and connection drops approximately every five minutes
An operator of an Internet café in Ho Chi Minh City, reported persistent network instability despite multiple device restarts. Another user who has used the DrayTek Vigor 2925 for over five years, experienced recurring disconnections with IP cameras, noting that router uptimes were resetting to zero approximately every five minutes.
An Phat, the official DrayTek distributor in Vietnam, has identified these problems as stemming from critical security vulnerabilities:
- CVE-2024-51138
- CVE-2024-51139
- CVE-2024-41335
- CVE-2024-41336
- CVE-2024-41339
The exact number of affected users and the total impact value of the incident have not been disclosed.
DrayTek has released new firmware updates to patch these vulnerabilities. The company and its distributor recommend that users check their current firmware version, upgrade to the latest firmware version from the official DrayTek website, set strong administrator passwords and isolate the router management interfaces from the Internet
