Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User Ancient_Mariner
(eat-sleep-adslguide) Fri 18-May-18 19:15:27
Print Post

DrayTek Security Advisory


[link to this post]
 
Received an email from DrayTek Security this afternoon regarding
CSRF & DNS Changed Web Interface Attacks.

I did not open the link, but going to DrayTek's Support website gives the information here:-

https://www.draytek.co.uk/support/security-advisorie...

Some of the information may well be of use to checking other routers.

Cheers!

Clive

Andrews & Arnold FTTC
DrayTek Vigor 2920Vn

Andrews & Arnold Data SIM
HUAWEI E5776
Standard User Pipexer
(eat-sleep-adslguide) Sat 19-May-18 17:38:49
Print Post

Re: DrayTek Security Advisory


[re: Ancient_Mariner] [link to this post]
 
Wow - that's pretty serious.
Time to update immediately!

ZeN Fibre Unlimited 2
Standard User tdw42
(regular) Sat 19-May-18 20:18:31
Print Post

Re: DrayTek Security Advisory


[re: Ancient_Mariner] [link to this post]
 
It's somewhat annoying that they have released the advisory before having all the firmware updates ready - the Vigor 120 / 122 / 130 / 2110 / 2120 / 2132 / 2820 / 2830 / 2850 / 2912 / 2920 are stated to have updated firmware to address the vulnerability, but it isn't yet available from the UK or international download sites.


Register (or login) on our website and you will not see this ad.

Standard User Pipexer
(eat-sleep-adslguide) Sat 19-May-18 21:33:49
Print Post

Re: DrayTek Security Advisory


[re: tdw42] [link to this post]
 
In reply to a post by tdw42:
It's somewhat annoying that they have released the advisory before having all the firmware updates ready - the Vigor 120 / 122 / 130 / 2110 / 2120 / 2132 / 2820 / 2830 / 2850 / 2912 / 2920 are stated to have updated firmware to address the vulnerability, but it isn't yet available from the UK or international download sites.

It is a bit buy as a zero day they aren;t doing too bad.

I think switching off remote management and also the SSL VPN service will fix the issue - i.e shut off the web interface from being exposed to the internet - if you are able to in your scenario.

ZeN Fibre Unlimited 2
Standard User Nightglow
(member) Sun 20-May-18 07:57:19
Print Post

Re: DrayTek Security Advisory


[re: Ancient_Mariner] [link to this post]
 
Got the same Draytek email,yet I have NEVER register with them, so deleted it as spam.
But, on checking there a firmware update for my 130.

Edited by Nightglow (Sun 20-May-18 08:00:48)

Standard User brookheather
(learned) Sun 20-May-18 13:11:48
Print Post

Re: DrayTek Security Advisory


[re: Ancient_Mariner] [link to this post]
 
My Asus DSL-AC68U had the same issue with the remote web access - my DNS was changed to one which redirected apple.com requests to a rogue server presumably to capture login credentials. Luckily I don't use my router's DHCP so didn't notice it for a while. Asus have issued updated firmware for their routers to fix this.
  Print Thread

Jump to