Security Alert

MultipleVulnerabilities in DrayTek Products (CVE-2024-41583 ~ CVE-2024-41596)

As mentioned in our last newsletter, DrayTek has identified multiple vulnerabilities in DrayTek routers, which have been addressed by issuing updated firmware. These vulnerabilities are CVE-2024-41583 through to CVE-2024-41596. 

Vulnerability Details:

• Published Date: 2024/10/4
• CVE IDs: CVE-2024-41583 to CVE-2024-41596
• Types: Cross-Site Scripting, Denial of Service, Remote Code Execution

CVE number	CVSS
CVE-2024-41583	4.7
CVE-2024-41584	4.7
CVE-2024-41585	6.8
CVE-2024-41586	8
CVE-2024-41587	5.4
CVE-2024-41588	8
CVE-2024-41589	8.8
CVE-2024-41590	8
CVE-2024-41591	6.1
CVE-2024-41592	8
CVE-2024-41593	9.8
CVE-2024-41594	7.5
CVE-2024-41595	8
CVE-2024-41596	8

Action Required:
1. Upgrade your router firmware to the version listed below.
2. Before upgrading:

• Back up your current configuration (System Maintenance > Config Backup).
• Use the ".ALL" file to upgrade and preserve your settings.
• If upgrading from an older version, review the release notes for specific instructions.

3. If remote access is enabled:

• Disable it unless necessary.
• Use an access control list (ACL) and enable 2FA if possible.
• For unpatched routers, disable both remote access (admin) and SSL VPN.
• Note: ACL does not apply to SSL VPN (Port 443), so temporarily disable SSL VPN until upgraded.

Firmware Versions with Security Fixes

Updated firmware can be downloaded from https://www.draytek.com.au/support/downloads/

 

• Vigor2133 - 3.9.9
• Vigor2135 - 4.4.5.3
• Vigor2620 LTE - 3.9.8.9
• Vigor2762 - 3.9.9
• Vigor2765 - 4.4.5.3
• Vigor2766 - 4.4.5.3
• Vigor2832 - 3.9.9
• Vigor2860 / 2860 LTE - 3.9.8
• Vigor2862 / 2862 LTE - 3.9.9.5
• Vigor2865 / 2865 LTE - 4.4.5.2
• Vigor2866 / 2866 LTE - 4.4.5.2
• Vigor2915 - 4.4.3.2
• Vigor2925 / 2925 LTE - 3.9.8
• Vigor2926 / 2926 LTE - 3.9.9.5
• Vigor2927 / 2927 LTE / 2927L-5G - 4.4.5.5
• Vigor2952 / 2952 LTE - 3.9.8.2
• Vigor2962 - 4.3.2.8 4.4.3.1
• Vigor3220n - 3.9.8.2
• Vigor3910 - 4.3.2.8 4.4.3.1
• Vigor3912 - 4.3.6.1

Additional Security Measures:

• Regularly check for and apply firmware updates.
• Implement strong, unique passwords for all accounts.
• Enable and configure firewall settings appropriately.
• Monitor your network for any suspicious activities.

 

 

Perth DrayTek Training Workshop

i-LAN Technology will hold a one-day DrayTek training workshop in Perth on December 3rd, 2024, at the Metro Hotel in South Perth.

This is an excellent opportunity for DrayTek resellers and network administrators to learn about the latest products and configuration options.

It will also allow you to meet our sales and technical staff, ask questions, and suggest improvements to DrayTek products.

All equipment and training materials will be provided. Light refreshments and lunch will also be provided.

The course includes theory, instruction, and practical hands-on sessions to give you first-hand experience to test each scenario discussed.

The topics to be covered include:

1.       WAN Connectivity Options for the latest DrayTek Routers

2.       Multi-WAN Functions: Load Balance and Failover

3.       High Availability

4.       VLAN and its Applications 

Click here to find out more or register your interest.