Call us: +61 2 9838 8899
FAX: +61 2 9838 8818

Blog

Home»Blog»Security Alert, New Firmware and Application Notes for DrayTek Products

Security Alert, New Firmware and Application Notes for DrayTek Products

Security Alert


CSRF Vulnerability

 

It has been reported that some web-enabled devices, including some DrayTek routers, have been compromised. The report shows that it may be possible for an attacker to intercept or create an administration session and change DNS and/or other settings on the router.

DrayTek has now released new firmware that addresses this security vulnerability. The firmware can be downloaded from: https://www.draytek.com/en/download/firmware/.

To check if your router has been compromised, look at the DNS and DHCP settings on your router.   If you have a router supporting multiple LAN subnets, check the settings for each subnet.  Your DNS settings should be either blank, set to the correct DNS server addresses from your ISP or DNS server addresses of a server which you have set (e.g. Google 8.8.8.8).

If you see a rogue DNS server setting of 38.134.121.95 – it means that your router settings have been changed.  In this case you can correct the changes or restore the router configuration from the last good known backup configuration.

 

Updated firmware with the security fix listed below:

      • Vigor120, version 3.8.8.2
      • Vigor122, version 3.8.8.2
      • Vigor130, version 3.8.8.2
      • VigorNIC 132, version 3.8.8.2
      • Vigor2120 Series, version 3.8.8.2
      • Vigor2132, version 3.8.8.2
      • Vigor2133, version 3.8.8.2
      • Vigor2760D, version 3.8.8.2
      • Vigor2762, version 3.8.8.2
      • Vigor2832, version 3.8.8.2
      • Vigor2860, version 3.8.8
      • Vigor2862, version 3.8.8.2
      • Vigor2862B, version 3.8.8.2
      • Vigor2912, version 3.8.8.2
      • Vigor2925, version 3.8.8.2
      • Vigor2926, version 3.8.8.2
      • Vigor2952, version 3.8.8.2
      • Vigor3220, version 3.8.8.2
      • VigorBX2000, version 3.8.8.2
      • VigorIPPBX2820, version 3.8.8.2
      • VigorIPPBX3510, version 3.8.8.2
      • Vigor2830nv2, version 3.8.8.2
      • Vigor2820, version 3.8.8.2
      • Vigor2710, version 3.8.8.2
      • Vigro2110, version 3.8.8.2
      • Vigro2830sb, version 3.8.8.2
      • Vigor2850, version 3.8.8.2
      • Vigor2920, version 3.8.8.2

Click here to download latest firmware.

 


Latest Video


How to activate and use DrayDDNS Service

 

This video introduces the DrayDDNS service. DrayDDNS can be used when your ISP gives you a dynamic IP address and it allows you to connect to the router remotely by using a domain name. The configuration steps in a DrayTek Vigor router are described to assist you to in setting up your own DrayDDNS account.

 

 

How to Find the Best Wi-Fi Channel by Using Vigor AP or your Mobile Phone

This video shows how to find the best Wi-Fi channel by using a Vigor Access Point (AP) or your mobile phone. Since Wi-Fi performance is related to the channel utilisation, the diagnostic steps shown in this video will help to find the least congested channel to use.

 

 


New Application Notes


How to configure firewall filter rules to allow VPN if default rule is set to block all traffic.

This application note shows how to configure the firewall in Vigor routers to allow required traffic over a VPN tunnel when the default firewall rule is set to block all traffic.

 

Read more

 


Updated Utility


Smart VPN Client V4.3.4

New feature

  • Allow the user to run SmartVPN Client and establish the VPN tunnel using Windows User Level Account. Note that the SmartVPN Client should be installed using Windows Admin Level Account first.

Click here to download

Written by

The author didnt add any Information to his profile yet