I see that WPS (Wi-Fi Protected Setup) has a serious security flaw.

See for example:

http://www.smallnetbuilder.com/wireless/wireless-features/31664-waiting-for-the-wps-fix

or

http://www.h-online.com/open/news/item/Wi-Fi-Protected-Setup-made-easier-to-brute-force-Update-1401822.html

The first of these links states that for some routers disabling WPS didn't really shut it off!

Is my Vigor 2820n vulnerable - even though it doesn't have WPS enabled? Its firmware version is 3.3.7_232201.

I am also concerned about this - is anyone aware of any statement form Draytek on this issue ?

I flagged the issue with http://www.support.draytek.uk on 12th Jan.
They are checking with Draytek's engineers, and will let me know.
I'll copy their reply here (if they don't do so themselves).

Martin

But are DrayTek routers even affected by this as you have to start the WPS manually on the 2830. You either click the button for push button connection, or provide a pin number of your choosing?
: and then then an alphanumeric code - is that different to the the 4 or 8 digit WPS pin that the media are referring to?

Draytek Support have just confirmed to me that disabling WPS on the 2820n really does disable it:

Hello Martin,

Vigor 2820 is not vulnerable to this security flaw.It disables
completely on router.

Regards,

Adam

http://www.support.draytek.co.uk

I haven't asked about the 2830.