We have a 3220 series and our router was compromised during the latest DNS attack described here:
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks

However we do have the latest firmware 3.8.8.2 already installed which was supposed to fix this!

I guess its not fixed!!

This may help.

https://www.draytek.co.uk/support/guides/kb-avoiding-csrf-attacks

John

Is it possible the DNS was changed prior to the firmware being updated?

Yes, likely changed before the update and not spotted.... but what IP addres wa ther DNS changed to ?

Thanks for the replies

the DNS was changed to: 38.134.121.95

Strangely we have just checked and the firmware 3.8.8.2 was released on the 18th May 2018. However we have not upgraded the firmware on this router for some time

Could it be possible that our Draytek is reporting the wrong firmware version?

screenshot of our current system information below

It seem pretty unlikely, web browser caches can sometimes cause confusion. If you want to double-check then you could look at the firmware version via the CLI using the command 'sys ver'

If you click the Web Console (it's an icon in the top right that looks a bit like an abacus) then you type type the cmd sys ver.