We have become aware of security reports with DrayTek routers related to the security of web administration when managing DrayTek routers. 

In some circumstances, it may be possible for an attacker to intercept or create an administration session and change settings on your router. The reports appear to show that DNS settings are being altered. Specific improvements have been identified as necessary to combat this and we are in the process of producing and issuing new firmware. You should install that as soon as possible.

Until you have the new firmware installed, you should check your router's DNS settings on your router and correct them if changed (or restore from a config backup). We also recommend only using secured (TLS1.2) connections for web admin (for local and remote admin) and disable remote admin unless needed, or until firmware is updated. The list of updated firmware versions is as follows. We will be uploading the new firmware as soon as possible.

  • Vigor2120, version 3.8.8.2
  • Vigor2133, version 3.8.8.2
  • Vigor2760D, version 3.8.8.2
  • Vigor2762, version 3.8.8.2
  • Vigor2832, version 3.8.8.2
  • Vigor2860, version 3.8.8
  • Vigor2862, version 3.8.8.2
  • Vigor2862B, version 3.8.8.2
  • Vigor2912, version 3.8.8.2
  • Vigor2925, version 3.8.8.2
  • Vigor2926, version 3.8.8.2
  • Vigor2952, version 3.8.8.2
  • Vigor3200, version 3.8.8.2
  • Vigor3220, version 3.8.8.2
  • VigorBX2000, version 3.8.1.9
  • Vigor2830nv2, version 3.8.8.2
  • Vigro2830, version 3.8.8.2
  • Vigor2850, version 3.8.8.2
  • Vigor2920, version 3.8.8.2
  • Vigor2700, version 2.8.6
  • Vigor2700ge, version 2.8.6
  • Vigor2820, version 3.7.2
  • Vigor120_V2, version 3.7.2
  • Vigor2110, version 3.7.2
  • Vigor2710, version 3.7.2
  • Vigor2710e, version 3.7.2
  • Vigor2710ne, version 3.7.2

Paradise's Helpdesk Team can provide a managed update of your firmware. Downtime during business hours will be in the region of 30 minutes to implement the update, but is highly recommended that this is carried out as soon as possible.

Please call us on 01604 655900 for assistance.

Source: https://www.draytek.com/en/about/news/2018/notification-of-urgent-security-updates-to-draytek-routers  

comments powered by Disqus