First zero day pwnage I can remember they've ever had.
I think they are great, nowhere near the quality of a proper stand-alone router but as an all in one unit with multiple wans for concurrent ADSL and 4G, noisy lines being so fault tolerant with CRC etc they suit my clients perfectly - light years better than the stock ISP garbage such as *T allegedly.
I've got a couple of dozen of the 2825 but mostly 2860 in the field and only one got pwned but I had to go to the site to fix it today. It's a nuisance hack they could have done far worse! I always leave direct router remote access disabled and use a computer on the lan to log in but this one I'm sure got it's settings changed and enabled by the VOIP techs who run a similar Draytek to run their phones from a separate ADSL line which gets its DHCP from ours along with the handsets. After discussions with the (unnamed) telco's techs who run 2k of these thinking that a different remote admin port that they would be immune to getting pwned, after 2 phone calls this afternoon and evening they are now currently upgrading all of them ;-)