DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

CVE-2022-0778 - OpenSSL vulnerability

  • craigski
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
30 Apr 2022 17:42 #101078 by craigski
CVE-2022-0778 - OpenSSL vulnerability was created by craigski
I've been wondering of this affects Draytek routers, and seen some new firmware on draytek.com. CVE-2022-0778 is mentioned in release notes, are these being tested in UK, and will be available on .co.uk website soon?

Is there are list of affected products?

Please Log in or Create an account to join the conversation.

More
02 May 2022 04:38 #101084 by kelfaur
Replied by kelfaur on topic Re: CVE-2022-0778 - OpenSSL vulnerability
Firmware v4.4.0 has this addressed for the 2927 series. You can skip the queue and check their core repo and see if it's addressed in the release notes for your model of router, with the lastest firmware.

https://fw.draytek.com.tw/

Code:
Corrected: Improved the OpenSSL security (CVE-2022-0778).

Please Log in or Create an account to join the conversation.

More
11 May 2022 21:04 #101134 by ccarmock
Replied by ccarmock on topic Re: CVE-2022-0778 - OpenSSL vulnerability
More devices are getting a new firmware version to fix this on the international site at www.draytek.com but few seem to be getting added to the UK site at www.draytek.co.uk. Wonder if one of the admins here could find out why?

For the non DSL based routers there should be no difference between the .com and .co.uk versions but for DSL based devices we are told to wait for a _BT version of the firmware.

For instance the Vuigor 130 has just had an update on the .com site to address SSL vulnerabilities.... Since I have one of these I am keen to get the UK version ASAP.

The flagship 3910 has now had two firmware updates on the .com site neither of which have made it to the .co.uk one.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami