Security Advisory – (CVE-2022-32548)

In April 2022, DrayTek became aware of a vulnerability announced under CVE-2022-32548 and is related to a possible exploit of the router’s Web UI login page.

DrayTek have released a updated firmware which addresses this vulnerability over the past few months.  If you have not done so, it is recommended to upgrade your router firmware to the latest version.

Full details are available in the advisory on the DrayTek web site:
https://www.draytek.com/about/security-advisory/draytek-router-unauthenticated-remote-code-execution-vulnerability-(cve-2022-32548)/

This article lists models affected and the recommended firmware versions to use.


Latest Application Note


Switch

Types of VigorSwitch SFP Modules

This application note provides a list of compatible SFP modules to suit DrayTek VigorSwitches.

Click here to read the application note.


Latest Firmware


VigorAP 918R  / VigorAP 920R / VigorAP 1000C V1.4.4

Improvements

  • Improve the DNS security (CVE-2022-30295).
  • Support Allow management from WLAN (System Maintenance >> Management).
  • Fixed: Mesh network connection when Mesh Root is Vigor2862 or Vigor2926.
  • Fixed: APM failure on the Vigor router when upgrading the firmware of VigorAP from 1.4.2 to 1.4.3

Click here to download firmware.


VigorSwitch G2280x V2.7.4

New Features

  • Support 10Gigabit Ethernet port auto linkup.

Improvement

  • Fixed: An issue of (10G) port link aggregation not working after device reboot.

Click here to download firmware.


VigorSwitch G2540x / P2540x V2.7.4

New Features

  • Support 10Gigabit Ethernet port auto linkup.

Improvement

  • Fixed: An issue of (10G) port link aggregation not working after device reboot.

Click here to download firmware.