We have received a request from DrayTek Corp. Taiwan to inform all customers to upgrade to the latest firmware on Vigor2960, Vigor3900 and Vigor300B because of a discovered security issue.

We strongly recommend that everyone upgrade to the mentioned firmware version 1.5.1 to avoid problems. And as DrayTek writes, it is always a good idea to limit as much as possible who has remote access to one's router.

From DrayTek Corp.

Vigor3900 / Vigor2960 / Vigor300B Router Web Management Page Vulnerability (CVE-2020-8515)

On Jan 30th we became aware of a possible exploit of the Vigor2960/3900/300B related to the WebUI. It was identified during testing and reported to us. On the 6th Feb, we released an updated firmware to address this issue.

You should upgrade as soon as possible to 1.5.1 firmware or later.

If you have remote access enabled on your router, disable it if you don’t need it, and use an access control list if possible. If you have not updated the firmware yet, disable remote access (admin) and SSL VPN. The ACL does not apply to SSL VPN connections (Port 443) so you should also temporarily disable SSL VPN until you have updated the firmware.

The issue only affects the Vigor 3900 / 2960 / 300B and is not known to affect any other DrayTek products.

Affected Products and the Fixed Firmware Version

| Model | Fixed Firmware Version | Download Link |
|---|---|---|
| Vigor300B | 1.5.1 | https://www.draytek.com.tw/ftp/Vigor300B/Firmware/v1.5.1/Vigor300B_v1.5.1.zip |
| Vigor2960 | 1.5.1 | https://www.draytek.com.tw/ftp/Vigor2960/Firmware/v1.5.1/Vigor2960_v1.5.1.zip |
| Vigor3900 | 1.5.1 | https://www.draytek.com.tw/ftp/Vigor3900/Firmware/v1.5.1/Vigor3900_v1.5.1.zip |

Link to DrayTek Corp. for more information.

https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
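
An added example, not part of DrayTek's advisory or of the notice above: a small triage script that applies the advisory's guidance (affected models, fixed firmware 1.5.1, remote access and SSL VPN mitigations) to a device inventory. The inventory records, host names, field names and the sample firmware strings are constructed assumptions.

```python
import re

# Affected models and fixed firmware version, taken from the advisory above.
AFFECTED_MODELS = {"Vigor2960", "Vigor3900", "Vigor300B"}
FIXED_VERSION = (1, 5, 1)

def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a tuple."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # "1.5" compares as 1.5.0

def triage(device):
    """List the advisory's actions that still apply to one inventory record."""
    if device["model"].replace(" ", "") not in AFFECTED_MODELS:
        return []
    try:
        patched = parse_version(device["firmware"]) >= FIXED_VERSION
    except ValueError:
        patched = False  # unreadable version: treat as not yet upgraded
    actions = []
    if not patched:
        actions.append("upgrade firmware to 1.5.1 or later")
        if device.get("remote_admin"):
            actions.append("disable remote access (admin) until upgraded")
        if device.get("ssl_vpn"):
            actions.append("disable SSL VPN until upgraded (ACL does not cover port 443)")
    elif device.get("remote_admin") and not device.get("acl"):
        actions.append("disable remote access if not needed, otherwise add an ACL")
    return actions

# Constructed sample inventory; field names are assumptions of this example.
INVENTORY = [
    {"host": "edge-01", "model": "Vigor3900", "firmware": "1.4.4",
     "remote_admin": True, "ssl_vpn": True},
    {"host": "edge-02", "model": "Vigor 2960", "firmware": "v1.5.1",
     "remote_admin": True, "acl": False},
    {"host": "edge-03", "model": "Vigor300B", "firmware": "1.5.1.1"},
    {"host": "edge-04", "model": "OtherModel", "firmware": "unknown"},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        for action in triage(dev):
            print(f"{dev['host']} ({dev['model']} {dev['firmware']}): {action}")
```

Text after the numeric part of a version string is ignored, so a record with a suffixed build name should be checked by hand.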