Critical security vulnerabilities discovered in several DrayTek products

We are writing to inform you about critical security vulnerabilities discovered in several DrayTek products on June 20, 2024. These vulnerabilities include Cross-Site Scripting, Denial of Service, and Remote Code Execution issues. We have addressed these concerns and released firmware updates to enhance security.

Vulnerability Details:

  • Published Date: 2024/10/4
  • CVE IDs: CVE-2024-41583 to CVE-2024-41596
  • Types: Cross-Site Scripting, Denial of Service, Remote Code Execution

CVE number       CVSS
CVE-2024-41583   4.7
CVE-2024-41584   4.7
CVE-2024-41585   6.8
CVE-2024-41586   8
CVE-2024-41587   5.4
CVE-2024-41588   8
CVE-2024-41589   8.8
CVE-2024-41590   8
CVE-2024-41591   6.1
CVE-2024-41592   8
CVE-2024-41593   9.8
CVE-2024-41594   7.5
CVE-2024-41595   8
CVE-2024-41596   8

Urgent Action Required:

1. Upgrade your firmware immediately to the version listed below for your device.
2. Before upgrading:

  • Back up your current configuration (System Maintenance > Config Backup).
  • Use the ".ALL" file for upgrading to preserve your settings.
  • If upgrading from an older version, review the release notes for specific instructions.

3. If remote access is enabled:

  • Disable it unless absolutely necessary.
  • Use an access control list (ACL) and enable 2FA if possible.
  • For unpatched routers, disable both remote access (admin) and SSL VPN.
  • Note: ACL doesn't apply to SSL VPN (Port 443), so temporarily disable SSL VPN until upgraded.

Affected Products and Fixed Firmware Versions:

  • Vigor165 - 4.2.7
  • Vigor166 - 4.2.7
  • Vigor1000B - 4.3.2.8 4.4.3.2*
  • Vigor2133 - 3.9.9
  • Vigor2135 - 4.4.5.3
  • Vigor2620 LTE - 3.9.8.9
  • Vigor2762 - 3.9.9
  • Vigor2763 - 4.4.5.3
  • Vigor2765 - 4.4.5.3
  • Vigor2766 - 4.4.5.3
  • Vigor2832 - 3.9.9
  • Vigor2860 / 2860 LTE - 3.9.8
  • Vigor2862 / 2862 LTE - 3.9.9.5
  • Vigor2865 / 2865 LTE - 4.4.5.2
  • Vigor2866 / 2866 LTE - 4.4.5.2
  • Vigor2915 - 4.4.3.2
  • Vigor2925 / 2925 LTE - 3.9.8
  • Vigor2926 / 2926 LTE - 3.9.9.5
  • Vigor2927 / 2927 LTE / 2927L-5G - 4.4.5.5
  • Vigor2952 / 2952 LTE - 3.9.8.2
  • Vigor2962 - 4.3.2.8 4.4.3.1
  • Vigor3220n - 3.9.8.2
  • Vigor3910 - 4.3.2.8 4.4.3.1
  • Vigor3912 - 4.3.6.1

*Firmware unreleased

Additional Security Measures:

  • Regularly check for and apply firmware updates.
  • Implement strong, unique passwords for all accounts.
  • Enable and configure firewall settings appropriately.
  • Monitor your network for any suspicious activities.

Next Steps:

If you haven't already, please update your device immediately. For products with unreleased firmware (marked with *), please stay vigilant for our upcoming announcements and update promptly once available.

Should you need any assistance with the update process or have security-related inquiries, please don't hesitate to contact our Technical Support team.

We appreciate your prompt attention to this critical security matter and thank you for your continued trust in DrayTek products.

Best regards, DrayTek Security Team
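
An added example, not part of the advisory or the forum post: a short Python check that compares a device inventory against the fixed-firmware list above. It uses an excerpt of the list (add the remaining rows in the same format) and assumes that a fix applies to the branch sharing its first two version components and that "*" marks the version it follows as unreleased.

```python
# Excerpt of the advisory's fixed-firmware list ("*" = firmware unreleased).
ADVISORY = """\
Vigor165 - 4.2.7
Vigor1000B - 4.3.2.8 4.4.3.2*
Vigor2135 - 4.4.5.3
Vigor2620 LTE - 3.9.8.9
Vigor2860 / 2860 LTE - 3.9.8
Vigor2862 / 2862 LTE - 3.9.9.5
Vigor2865 / 2865 LTE - 4.4.5.2
Vigor2927 / 2927 LTE / 2927L-5G - 4.4.5.5
Vigor2962 - 4.3.2.8 4.4.3.1
Vigor3220n - 3.9.8.2
Vigor3910 - 4.3.2.8 4.4.3.1
Vigor3912 - 4.3.6.1
"""

def ver(s):
    """'3.9.8' -> (3, 9, 8, 0): pad so 3.9.8 and 3.9.8.0 compare equal."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def parse(text):
    """Map every model name (aliases expanded) to [(fixed_version, released)]."""
    table = {}
    for line in text.strip().splitlines():
        names, versions = line.rsplit(" - ", 1)
        fixes = [(ver(v.rstrip("*")), not v.endswith("*")) for v in versions.split()]
        for name in names.split(" / "):
            # "2860 LTE" in an alias list means "Vigor2860 LTE".
            name = name if name.startswith("Vigor") else "Vigor" + name
            table[name.lower()] = fixes
    return table

def status(table, model, running):
    """Return 'patched', 'upgrade', 'no-fix-yet' or 'not-listed'."""
    fixes = table.get(model.lower())
    if fixes is None:
        return "not-listed"
    cur = ver(running)
    # Assumption: pick the fix on the same major.minor branch as the running
    # firmware; if no branch matches, compare against the lowest listed fix.
    fix, released = next((f for f in fixes if f[0][:2] == cur[:2]), min(fixes))
    if cur >= fix:
        return "patched"
    return "upgrade" if released else "no-fix-yet"
```

For `upgrade` and `no-fix-yet` results, the advisory's interim steps apply: disable remote admin access and SSL VPN until the fixed firmware is installed.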
 
So mine is among them too..... :rolleyes2:

Fortunately I use Fritz, so I'm not affected, but it is striking that so many different Draytek models are affected.

The Draytek models often share the same firmware..
 


