DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
- ianfretwell
- Offline
- Member
Less
More
- Posts: 120
- Thank you received: 3
22 Oct 2024 09:21 #104047
by ianfretwell
Replied by ianfretwell on topic 700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
Whats kinda annoying is the fact that the 2762/2860/2862 releases (at least) were all available on the Taiwanese FTP site a full month ago...so what is the delay for UK releases? - they're only changing a modem code (if even that).
Please Log in or Create an account to join the conversation.
- Geroi
- Offline
- Junior Member
Less
More
- Posts: 16
- Thank you received: 1
22 Oct 2024 09:52 #104048
by Geroi
Replied by Geroi on topic 700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
What annoys me is that for 2865 routers, the version which allegedly resolves this critical vulnerability - crashes the QOS page (a separate forum thread written about it) and makes the router unstable. Yet, newer firmware 4.4.5.3 is nowhere to be seen although other countries are publishing it
Please Log in or Create an account to join the conversation.
- the_pit
- Offline
- Junior Member
Less
More
- Posts: 10
- Thank you received: 0
23 Oct 2024 18:23 #104052
by the_pit
Replied by the_pit on topic 700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
ah well moved across to the newest version of the firmware for 3910. However to do this you have upgrade to an older version of the new line of firmware or risk corrupting your configuration. I hope owners of 3910 and 3912 read the read me otherwise they may have an slight issue.
Please Log in or Create an account to join the conversation.
- Geroi
- Offline
- Junior Member
Less
More
- Posts: 16
- Thank you received: 1
31 Oct 2024 17:05 - 31 Oct 2024 17:11 #104086
by Geroi
Replied by Geroi on topic 700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
4.4.5.3_BT for 2865 has been released today = 31/10/24
Last edit: 31 Oct 2024 17:11 by Geroi.
Please Log in or Create an account to join the conversation.
- pharcyder
- Offline
- Junior Member
Less
More
- Posts: 24
- Thank you received: 2
31 Oct 2024 17:55 #104087
by pharcyder
Replied by pharcyder on topic 700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
Thanks for the spooky update
Please Log in or Create an account to join the conversation.
- John
- Offline
- Junior Member
Less
More
- Posts: 12
- Thank you received: 1
01 Nov 2024 10:03 #104094
by John
Replied by John on topic 700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
Changelog for the 2865 4.4.5.3
New Features
1. Support for Port Knocking (for local service)
Improvements
1. Webhook Server URL character limit increased from 64 to 200 characters
2. Additional options to monitor LTE signal strength
3. The 5GHz minimum RSSI added for Band Steering
4. Additional information related to the 3G/4G signal can be displayed on the WUI (RSSI is
accompanied RSRP and RSRQ once the connection is active)
5. Compatibility with the TR-069 servers using either uppercase or lowercase HTTP headers
6. Colour coded signal quality thresholds for mobile connectivity added to the WUI
7. Fix the SSH compatibility with PuTTY 0.81
8. The IPSec VPN negotiation sessions did not time out
9. Routers could not connect to the third-party ACS servers after upgrading to 4.4.5 firmware
10. Resolved an issue with the URL filter failed to block HTTPS websites when TLS 1.3 hybridized
Kyber was enabled in the web browser and web server used the cipher
11. Fix for an issue where ADSL PPP connection could not resync when DSL dropped while
client(s) was sending outbound WAN traffic
No mention of the QOS issue being fixed.
New Features
1. Support for Port Knocking (for local service)
Improvements
1. Webhook Server URL character limit increased from 64 to 200 characters
2. Additional options to monitor LTE signal strength
3. The 5GHz minimum RSSI added for Band Steering
4. Additional information related to the 3G/4G signal can be displayed on the WUI (RSSI is
accompanied RSRP and RSRQ once the connection is active)
5. Compatibility with the TR-069 servers using either uppercase or lowercase HTTP headers
6. Colour coded signal quality thresholds for mobile connectivity added to the WUI
7. Fix the SSH compatibility with PuTTY 0.81
8. The IPSec VPN negotiation sessions did not time out
9. Routers could not connect to the third-party ACS servers after upgrading to 4.4.5 firmware
10. Resolved an issue with the URL filter failed to block HTTPS websites when TLS 1.3 hybridized
Kyber was enabled in the web browser and web server used the cipher
11. Fix for an issue where ADSL PPP connection could not resync when DSL dropped while
client(s) was sending outbound WAN traffic
No mention of the QOS issue being fixed.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek