Cybersecurity researchers with Qihoo 360’s NetLab unveil details of two zero-day cyberattack campaigns in the wild targeting DrayTek networking devices. At least two separate groups of hackers exploited two critical remote command injection vulnerabilities. The attacks started somewhere at the end of last November or at the beginning of December and are potentially still ongoing against thousands of publicly exposeds, devices that haven’t yet been patched with the latest firmware updates released last month. The list of affected firmware versions are as follow:
Source: https://thehackernews.com/2020/03/draytek-network-hacking.html