Security Advisory


OpenSSL vulnerability (CVE-2022-0778)

Release Date: 2022-04-27

A denial-of-service vulnerability in OpenSSL (CVE-2022-0778) has been found recently. The BN_mod_sqrt() function in OpenSSL, which is used when parsing certificates, contains a bug that can cause it to enter an endless loop. This bug affects DrayTek products: when a maliciously crafted certificate is parsed or imported, the HTTPS server used for management stops working, resulting in a reboot. OpenSSL has released a security update to address the vulnerability, and DrayTek is releasing new firmware with security updates for the OpenSSL vulnerability.

More details at: https://www.draytek.com/about/security-advisory/openssl-vulnerability-(cve-2022-0778)/

Updated firmware versions are listed in the Latest Firmware section below.
More routers will be added to the list as new firmware is released in the coming weeks.


Latest Video


Configuring the DrayTek Vigor167 for Bridge Mode

In this video we briefly show how to configure the Vigor167 for bridge mode on firmware version 5.1. This is based on the application note available at: https://faq.draytek.com.au/2022/04/20/configuring-the-draytek-vigor167-for-bridge-mode/

Click here to watch the video.


Latest Application Note


VPN

Ways to fix the VPN No PPP Control Protocols Configured Error

This application note covers two methods to resolve the error “no PPP link control protocol configured” seen during VPN dial-up. This is usually caused by a PPP configuration error in the DrayTek Smart VPN app resulting from a reconfiguration or damaged installation of the WAN Miniport (IP) device in Windows.

Click here to read the application note.


WAN

Configuring the DrayTek Vigor167 for Bridge Mode

This application note shows how to configure the DrayTek Vigor167 for bridge mode.
Bridge mode is enabled by default on the Vigor167 running firmware version 5.1. This firmware also has router mode available. The steps described show how to set up bridge mode manually once the router is already running in router mode.

Click here to read the application note.


Load Balancing and Failover based on WAN quality

Later-model Multi-WAN Vigor routers running the latest firmware now have an option to set up load balancing and failover based on criteria such as bandwidth, quality and reliability, using different factors including ping latency, jitter, and packet loss.

Click here to read the application note for more details.


Latest Software


DrayTek Wireless (iOS) V1.1.4
New Features

  • Add a new field to display the client’s Download/Upload Usage information on mesh station list

Improvements

  • Users can access an offline profile on the Network page.
  • Fixed: Displaying clients’ list on the Client page (when the Vigor device was set as AP mode).

Click here to download the app.


Smart VPN Client (macOS) V1.5.2
Includes bug fixes

Click here to download the app.


Latest Firmware


Vigor3910 V4.3.1.1
Improvements

  • Support 802.11ax and 160MHz on APM WLAN Profile.
  • Fixed: Improve Web GUI Security.
  • Fixed: Improved the OpenSSL security (CVE-2022-0778).
  • Fixed: A potential looping issue when rebooting the device.
  • Fixed: Getting IP address with OpenVPN remote dial-in profile.
  • Fixed: Establishing a BGP connection between Vigor router and Juniper.
  • Fixed: ARP frame size (so that it will be larger than the minimum Ethernet frame size)

Click here to download the firmware.


Vigor3900 V1.5.1.4
Improvements

  • Improve Web GUI Security.
  • Disable TR069 from WAN by default.
  • Improve the OpenSSL security (CVE-2022-0778).
  • Set the OpenVPN encryption version to TLS 1.2 by default.
  • Fixed: Let’s Encrypt certificate renewal failed when Access Control was enabled.
  • Fixed: IKEv2 EAP VPN (H2L) failed if the subject alternative name of the local certificate was cut incorrectly.

Click here to download the firmware.


Vigor2960 V1.5.1.4
Improvements

  • Improve Web GUI Security.
  • Disable TR069 from WAN by default.
  • Improve the OpenSSL security (CVE-2022-0778).
  • Set the OpenVPN encryption version to TLS 1.2 by default.
  • Fixed: Let’s Encrypt certificate renewal failed when Access Control was enabled.
  • Fixed: IKEv2 EAP VPN (H2L) failed if the subject alternative name of the local certificate was cut incorrectly.

Click here to download the firmware.


Firmware is available for the following routers with the following security improvements:

  • Improve Web GUI Security.
  • Improve the OpenSSL security (CVE-2022-0778)

Vigor2133 V3.9.6.4
Click here to download the firmware.

Vigor2762 V3.9.6.4
Click here to download the firmware.

Vigor2832 V3.9.6
Click here to download the firmware.

Vigor2862 / 2862 LTE V3.9.8.1
Click here to download the firmware.

Vigor2926 / 2926 LTE V3.9.8.1
Click here to download the firmware.

Vigor2927 / 2927 LTE V4.4.0
Click here to download the firmware.

Vigor2952 / 2952P V3.9.7.2
Click here to download the firmware.

Vigor3220 V3.9.7.2
Click here to download the firmware.

VigorAP 802 V1.4.5
Click here to download the firmware.