DrayTek routers prior to 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.
i-lan draytekl firmware