Firmware to fix the WPA2 vulnerability has arrived on the UK download site. http://www.draytek.co.uk/support/downloads

Only for the 2860/2862 at the time of writing (from what I can make out, though I didn't check that closely).

Being an early adopter I installed a few days ago from .com.tw site. Noticed that on the dashboard page (only) after about a minute or so of inactivity I get:

Authorization Error !
Browser not authentication-capable or authentication failed.

No idea what triggers this, but otherwise works fine. I'll flip to the BT version just in case there's a difference [Post flip edit: There is no difference...].

Yup - I have the same

hornbyp wrote: Yup - I have the same

This came up in October.


https://forum.draytek.co.uk/viewtopic.php?f=14&t=21902

hornbyp wrote: Firmware to fix the WPA2 vulnerability has arrived on the UK download site.

Bear in mind that that the issue applies only to wireless clients or units acting as a client, so not routers which are just acting as your wireless base - you need to update your client devices.

See http://www.draytek.co.uk/information/our-technology/wpa2-krack-vulnerability

This issue seems to have been assessed further, and apparently the disabling of 'EAPOL key retries' seems to greatly mitigate the problem. See https://www.draytek.co.uk/support/guides/kb-wpa2-eapol

This option has been added to 3.8.5.2 (for the 2860) ... and is currently available from: https://www.draytek.com/en/download/firmware/vigor2860-series/

(corrected URL - no idea why Draytek removed the old one...)