Security Advisory
DrayTek has identified multiple vulnerabilities in DrayTek routers, which have been addressed by issuing updated firmware. These vulnerabilities are CVE-2024-41583 through to CVE-2024-41596.
If you have not yet upgraded the router firmware, it is recommended that you do so immediately. Before upgrading the firmware, it is also recommended that you create a backup of the current router configuration. When upgrading the firmware, use the “.all” file to retain the current router configuration.
Review the release notes carefully for any instructions on upgrading from a much older firmware version.
If remote access is enabled on your router, disable it unless it is necessary. If it must stay enabled, restrict it with an access control list (ACL) and enable 2FA if possible.
More details are available in the security advisory on the DrayTek website:
Details of affected products and updated firmware versions are listed in the same security advisory.
Buffer overflow vulnerabilities have been discovered that affect several router models. They could potentially allow authenticated attackers to cause a Denial of Service (DoS) via crafted input. The vulnerabilities have been announced under CVE-2024-46550, CVE-2024-46568, CVE-2024-46571, CVE-2024-46580, CVE-2024-46586, CVE-2024-46588, and CVE-2024-46598.
DrayTek is currently working on updated firmware for affected models.
For more details on which routers are affected and updated firmware versions, refer to the security advisory on the DrayTek website:
https://www.draytek.com/about/security-advisory/buffer-overflow-vulnerability
Latest Knowledge Base Articles
Security
Security Tips for Vigor Routers
This application note provides some tips on how to improve security in your DrayTek router to prevent unauthorised access. Unauthorised access is most commonly due to poor security settings or not updating the firmware to close off any known security vulnerabilities present in older firmware versions.
Click here to read the article.
Security Alert – CSRF Vulnerability and How to Prevent Attacks
This article provides some additional information on improving the security of your DrayTek router.
Click here to read the article.
System
Enhance Internet browsing privacy by installing AdGuard Home on your Vigor3912S
AdGuard Home is a network-level ad-blocking and privacy protection software. Its primary functions include blocking ads, trackers, and other unwanted content. AdGuard Home operates by being set as the DNS server for your network.
This article describes the steps to install and use AdGuard Home in the Vigor3912S router.
Click here to read the article.
WAN
Using the Starlink Internet with Vigor Router
This article describes configuring a DrayTek router to use the Starlink Internet connection.
Click here to read the article.
Below are details of a related video recently published on our YouTube channel:
Click here to watch this video.
Improvements
· Improve Web GUI Security
· Fixed: Closing APPE signature for network security
· Fixed: Failure to connect to the Internet via SNMP server on Nagios
· Fixed: URL Filter fails to block HTTPS websites when TLS 1.3 hybridized Kyber was enabled in the browser
Click here to download the firmware.
Improvements
· Fixed: Closing APPE signature for network security
· Fixed: Failure to connect to the Internet via SNMP server on Nagios
· Fixed: URL Filter fails to block HTTPS websites when TLS 1.3 hybridized Kyber was enabled in the browser
Click here to download the firmware.
Improvements
· Improve Web GUI Security
· Fixed: Closing APPE signature for network security
· Fixed: Failure to connect to the Internet via SNMP server on Nagios
· Fixed: URL Filter fails to block HTTPS websites when TLS 1.3 hybridized Kyber was enabled in the browser
Click here to download the firmware.
Improvements
· Fixed: Validation Code not working on the Login window
· Fixed: The Country Object failed to work due to the firewall setting
· Fixed: Failure to reboot the router when CPE set parameter configuration contained WAN1 username/password.
Click here to download the firmware.
Improvements
· Fixed: Validation Code not working on the Login window
· Fixed: The Country Object failed to work due to the firewall setting
· Fixed: Failure to reboot the router when CPE set parameter configuration contained WAN1 username/password.
Click here to download the firmware.
Improvements
· Fixed: Issues related to TR-069 parameters
· Fixed: CPU usage occupied in some cases
· Fixed: An issue related to using IP source guard and DHCP snooping simultaneously
Click here to download the firmware.
Improvements
· Fixed: Issues related to TR-069 parameters
· Fixed: CPU usage occupied in some cases
· Fixed: An issue related to using IP source guard and DHCP snooping simultaneously
Click here to download the firmware.
Improvements
· Fixed: Issues related to TR-069 parameters
· Fixed: CPU usage occupied in some cases
· Fixed: An issue related to using IP source guard and DHCP snooping simultaneously
Click here to download the firmware.
Improvements
· Fixed: Issues related to TR-069 parameters
· Fixed: CPU usage occupied in some cases
· Fixed: An issue related to using IP source guard and DHCP snooping simultaneously
Click here to download the firmware.
Calendar Events from DrayTek HQ
DrayTek HQ often sends notifications of system updates or outages, security notifications, and firmware releases.
Click here for the latest news from DrayTek HQ
To subscribe to our regular news updates, click on “Subscribe” on this page or log in to your i-helpdesk account and enable the “Subscribe” option.