Hi All

Trying to get our office IP to pass a PCI scan and have found that the web management is failing on a couple of errors

I really need this to be open to the web, but could possibly limit to just one outside IP but worried that this still returns a blank page and might still fail - waiting for the scan to come back

below are the errors I get, anyone know if I can resolve these? firmware upgrade maybe?

Security Vulnerabilities
Protocol Port Program Risk Summary
TCP 8080 http-alt 4 Synopsis : The remote web server is prone to cross-site scripting attacks. Description : The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. See also : http://en.wikipedia.org/wiki/Cross-site_ scripting Solution: Contact the vendor for a patch or upgrade. Risk Factor: Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681 BID : 5305, 7344, 7353, 8037, 14473, 17408 Other references : OSVDB:18525, OSVDB:24469, OSVDB:42314, OSVDB:4989, OSVDB:58976

Part of the message is hidden for the guests. Please log in or register to see it.

You can disable the remote management option that should stop the 2820 to responding tio external connectivity on 8080.

Login to the router, go to System Maintenance and then Management.

remove all of the check boxes from the "Allow management from the Internet". You may also want to disable PING as well. Press OK, may need a reboot. Try the PCI scan again.

This should stop the 2820 from responding externally.

Otherwise, you can add a firewall rule to stop the traffic.

This should allow your router to comply with PCI section § 1.1 (1.1.3, 1.1.5); 1.2; 1.3
(1.3.1‐1.3.8); 1.4; § 2.1; 2.2 (2.2.2‐2.2.4); 2.3

Hey there

Thanks for the response

I'm aware you can do this, hence why I tried limiting the access to a specific IP, but alas this still failed to as the web interface responds with a blank page and also get another error this time that its given away an internal ip through the headers

As I said in my original post, I want to be able to get to the web interface remotely so was looking for a fix of the issue

Thanks

Dave

I would contact draytek support. This forum is not closely monitored (if at all). The other option is to setup a VPN, to remotely connect to the router. It is secure. Port 8080 is not a secure port, unless you enable the https connection option.