Call us: +61 2 9838 8899
FAX: +61 2 9838 8818

Blog

Home»Blog»New Firmware Released to Improve Security in DrayTek Routers

New Firmware Released to Improve Security in DrayTek Routers

DrayTek has released new firmware for several router models to improve security for users. The update addresses the SSL vulnerability CVE-2014-0224 also known as CCS Injection vulnerability.
The new firmware also includes bug fixes and improvements for some router models.
Firmware is now available for 13 models which include the following routers: Vigor2925 series, Vigor2960, Vigor300B, Vigor3900, VigorIPPBX2820, VigorIPPBX3510, Vigor2850, Vigor130, Vigor2760 delight version, Vigor2710ne, VigorPro 5510/5500/VigorPro 5300.

Some details of the improvements in the latest firmware are:

Vigor2925: Firmware version 3.7.4.2
• CVE-2014-0224 CCS injection vulnerability.
• Dashboard fixed

Vigor2960: Firmware version 1.0.8.2
• Upgrade OpenSSL to 0.9.8za to address security issues.
• Fixed: WCF (Web Content Filter) cannot be enabled when myVigor Portal changes Service Name from Commtouch to Cyren.
• Fixed: HA (High Availability).
• Fixed: DDNS failover 3G WAN didn’t work.

Vigor300B: Firmware Version: 1.0.8.2
• Web Portal stability improved
• Remove management port setting which may occupy port redirection.
• Add telnet timeout if not login in 60 seconds.
• Upgrade OpenSSL to 0.9.8za to address security issues.
• Fixed: CPU usage is too high when data flow monitor is enabled.
• Fixed: NAT Loopback to LAN More Subnet doesn’t work.
• Fixed: Reboot with Customized Configurations bug.
• Fixed: When firewall default policy (block) is used, HTTP is still available for access.
• Fixed: Web portal still supports URL redirect when login mode is disabled.
• Fixed: WAN Priority Bits didn’t work.
• Fixed: An error occurred in time object.
• Fixed: WCF (Web Content Filter) cannot be enabled when myVigor Portal changes
• Service Name from Commtouch to Cyren.
• Fixed: DDNS failover 3G WAN didn’t work.

Vigor3900 Series: Firmware Version: 1.0.8.2
• Improved: PPTP connection stability
• Improved Web Portal stability
• Remove management port setting which may occupy port redirection.
• Improved stability of High Availability function.
• Add telnet timeout if not login in 60 seconds.
• Fixed: High CPU usage when data flow monitor is enabled.
• Fixed: SSL VPN client not working
• Fixed: WCF license not working when HA is enabled.
• Fixed: CVM can’t perform configuration backup.
• Fixed: NAT Loopback to LAN More Subnet doesn’t work
• Fixed: DNS for PPTP Remote dial-in is not assigned according to the LAN Profile
• Fixed: Reboot with Customized Configurations bug
• Fixed: When firewall default policy (block) is used, HTTP is still available for access
• Fixed: Web portal still supports URL redirect when login mode is disabled
• Fixed: Packet count error when PPTP acceleration is enabled
• Fixed: mOTP User profile cannot be saved without Password
• Fixed: WAN Priority Bits doesn’t work
• Fixed: An error occurred in time object
• Fixed: An error occurred in WAN >> Switch mode >> double tag
• Upgrade OpenSSL to 0.9.8za to address security issues
• Fixed: WCF (Web Content Filter) cannot be enabled when myVigor Portal changes
• Fixed: HA (High Availability)
• Fixed: DDNS failover 3G WAN didn’t work

VigorIPPBXTM 2820 Series: Firmware Version: 3.5.10.1
• CVE-2014-0224 CCS injection vulnerability
• Fixed: When PVC WAN ran with PPPoE mode, SIP Trunk would fail to register

VigorIPPBX 3510 Series: Firmware Version: 3.5.10.1
• CVE-2014-0224 CCS injection vulnerability

Vigor2850 Series: Firmware Version: 3.6.6.1
• CVE-2014-0224 CCS injection vulnerability
Vigor130 Series: Firmware Version: 3.7.5.2
• CVE-2014-0224 CCS injection vulnerability

Vigor2760 Series (Delight): Firmware Version: 3.7.5.2
• CVE-2014-0224 CCS injection vulnerability
• Support all telnet commands in WEB console GUI.
• Support Huawei E3131, Huawei E3276 and ZTE MF823 USB dongles.
Vigor2710ne Series: Firmware Version: 3.2.8.1
• CVE-2014-0224 CCS injection vulnerability

VigorPro 5300 Series: Firmware Version: 3.3.6.3
• CVE-2014-0224 CCS injection vulnerability

VigorPro 5500 Series: Firmware Version: 3.3.5.1
• CVE-2014-0224 CCS injection vulnerability

VigorPro 5510 Series: Firmware Version: 3.3.6.3
• CVE-2014-0224 CCS injection vulnerability

The firmware can be downloaded from: http://www.draytek.com.au/downloads.php

Written by

The author didnt add any Information to his profile yet

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.