Hi Guys - DrayTek doesn't appear on the list (https://cablehaunt.com) but can we confirm the vulnerability doesn't exist?

Well, it's not a cable modem... and assuming they are competent, they would have referred to DSL modems or 'modems' as they'd know the difference, so I'd guess not. They also refer specifically to 'coax'.

Personally (i.e. this isn't from DrayTek!), this looks like a team trying to get a name for themselves, giving an alleged vuln a fancy logo and web site with their names made clear

"We are a small unknown crew with no reputation"

then again, the best started with no reputation.

That's not to say it's not real... I've no idea if it's real, viable, useful, likely or harmful.


And this is silly:

"There are an estimated 200 million cable modems in Europe alone. With almost no cable modem tested being secure..."

Wow! I wonder how big their sample size was. Oh, wait:

"The vulnerability was found across 4 different vendors..."

Anyway, I don't think DrayTek uses the common libraries that other vendors use (DrayOS is proprietary) and doesn't have the spectrum analyser they refer to, as far as I know...but then I'm not a tech. Ask DrayTek....

It doesn't apply to DSL modems, is very hard to exploit so another set of panic posts.

Does Draytek push updates to your device? No. Can you reach 192.168.2.1:8080 ?