DrayTek routers worldwide crashed into chaos Saturday night, leaving countless users staring at endlessly rebooting devices. The digital nightmare spread across multiple countries, with ISPs including Gamma, Zen Internet, ICUK, and A&A confirming widespread outages.
Customers in the UK, Australia, and beyond watched helplessly as their once-reliable networking equipment betrayed them, flipping into restart cycles every 5-10 minutes. Not exactly how most people planned their weekend.
DrayTek users worldwide experienced the special joy of watching their routers reboot endlessly—tech’s version of a broken record.
The culprit? Either a buggy software update or attackers exploiting vulnerabilities. Take your pick. DrayTek’s router fleet suddenly became very good at one thing: rebooting itself. Reports flooded in about broadband circuits exhibiting repeated short sessions and system uptimes shorter than celebrity marriages.
By March 25, DrayTek published a support document addressing the chaos. Their advice was predictably technical: disconnect WAN cables, upgrade firmware, disable remote access features. Because nothing says “relaxing weekend” like emergency router maintenance.
Multiple ISPs scrambled to assist customers. ICUK pointed fingers at vulnerable firmware versions. Zen Internet urged users to upgrade or switch routers entirely. Gamma quickly clarified this wasn’t their fault, thank you very much. A&A speculated about links to recently disclosed vulnerabilities. Many users could have benefited from checking their router logs using DrayTek Syslog software to diagnose the exact cause of these unexpected reboots. Some savvy users discovered that removing USB devices from their routers helped resolve the persistent rebooting problem. The digital finger-pointing commenced while customers just wanted working internet.
Security implications look grim. With over 700,000 DrayTek routers potentially exposed online, this incident may connect to more significant security concerns. Some experts linked it to vulnerabilities rated 10/10 on the CVSS severity scale.
Others whispered about connections to a massive 260,000-device botnet recently mentioned by the FBI director. For affected users, options were limited but clear: upgrade firmware immediately, disable remote access features, or switch to different hardware. The incident highlights the importance of implementing technical intelligence to identify indicators of compromise before they escalate to widespread system failures.
Because in 2025, apparently we still can’t have nice things like stable internet connections without surprise weekend troubleshooting sessions.
