DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
CVE-2022-0778 - OpenSSL vulnerability
- craigski
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 52
- Thank you received: 0
30 Apr 2022 17:42 #101078
by craigski
CVE-2022-0778 - OpenSSL vulnerability was created by craigski
I've been wondering of this affects Draytek routers, and seen some new firmware on draytek.com. CVE-2022-0778 is mentioned in release notes, are these being tested in UK, and will be available on .co.uk website soon?
Is there are list of affected products?
Is there are list of affected products?
Please Log in or Create an account to join the conversation.
- kelfaur
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
02 May 2022 04:38 #101084
by kelfaur
Replied by kelfaur on topic Re: CVE-2022-0778 - OpenSSL vulnerability
Firmware v4.4.0 has this addressed for the 2927 series. You can skip the queue and check their core repo and see if it's addressed in the release notes for your model of router, with the lastest firmware.
https://fw.draytek.com.tw/
Code:
Corrected: Improved the OpenSSL security (CVE-2022-0778).
Please Log in or Create an account to join the conversation.
- ccarmock
- Offline
- Junior Member
Less
More
- Posts: 80
- Thank you received: 0
11 May 2022 21:04 #101134
by ccarmock
Replied by ccarmock on topic Re: CVE-2022-0778 - OpenSSL vulnerability
More devices are getting a new firmware version to fix this on the international site at www.draytek.com but few seem to be getting added to the UK site at www.draytek.co.uk . Wonder if one of the admins here could find out why?
For the non DSL based routers there should be no difference between the .com and .co.uk versions but for DSL based devices we are told to wait for a _BT version of the firmware.
For instance the Vuigor 130 has just had an update on the .com site to address SSL vulnerabilities.... Since I have one of these I am keen to get the UK version ASAP.
The flagship 3910 has now had two firmware updates on the .com site neither of which have made it to the .co.uk one.
For the non DSL based routers there should be no difference between the .com and .co.uk versions but for DSL based devices we are told to wait for a _BT version of the firmware.
For instance the Vuigor 130 has just had an update on the .com site to address SSL vulnerabilities.... Since I have one of these I am keen to get the UK version ASAP.
The flagship 3910 has now had two firmware updates on the .com site neither of which have made it to the .co.uk one.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek