Security Advisory: Vigor 3900 / 2960 / 300B Buffer Overflow RCE (Mar 2020) CVE-2020-10823~10828


CVE-2020-10823 ~ 10828

Priority: Critical

Product Models: Vigor 3900, Vigor 2960, Vigor 300B

Action Required: Update your firmware immediately to version 1.5.1 or later

DrayTek has become aware of possible exploits against the Vigor 2960 / 3900 / 300B involving buffer overflow issues which can lead to remote code execution (RCE). We already released new firmware on 6th February 2020 which fixes these issues. As that was a critical update itself, if you have already upgraded to 1.5.1, no further action is needed now.

Necessary Action: Users of affected models should upgrade to 1.5.1 firmware or later as soon as possible.

Firmware downloads are available from here (For UK/IE Region only).

Always Use Secure Protocols for Internet Activity

Regardless of this specific issue, interception of data can be made harder by always using secure protocols: HTTPS for web traffic, TLS applied to email protocols (see below), and so on. Some protocols (FTP, Telnet, Syslog, IRC) send data in clear text and should be avoided over the open internet - use their secure equivalents (SFTP, SSH, TLS-wrapped Syslog) or a VPN where needed.

Your mail server and mail software/client (Outlook etc.) should be using secure transport. If you check your settings, the secure variants of the mail protocols use different TCP ports. e.g. POP3 should use port 995, not 110. SMTP should use port 465 (or port 587 with STARTTLS), not 25, and IMAP should use port 993, not 143. (The port number alone doesn't mean a connection is secure; those are just the ports that would be used on a properly secured server, and your client must still be configured to require TLS and to verify the server's certificate. Check with your ISP for the correct settings.)

If you have remote access enabled on your router, disable it if you don't need it, and use an access control list (ACL) if possible. An ACL is a preset whitelist of permitted remote IP addresses or networks that can remotely administer your router; any other source is blocked. Alternatively, permit remote administration only through a secure VPN or using VigorACS central management.
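The following is an added example, not code from the advisory or from DrayTek, showing the default-deny behaviour an ACL gives you and how to audit remote-administration attempts against it. The ACL networks, management ports, and the "src=... dst_port=..." log format are all assumptions constructed for the example (the addresses are from the reserved documentation ranges); a DrayTek router's own log format and ACL syntax differ.

```python
import ipaddress
import re

# Assumed ACL: the only networks allowed to reach the router's remote
# management services. Anything not listed is denied (default deny).
# These are documentation ranges chosen for the example, not real addresses.
MANAGEMENT_ACL = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

# Assumed ports on which remote administration is exposed (HTTPS, SSH, alt HTTPS).
MANAGEMENT_PORTS = {22, 443, 8443}

# Constructed sample log lines in a made-up format; not DrayTek's syslog format.
SAMPLE_LOG = """\
2020-03-26T10:00:01Z src=203.0.113.45 dst_port=443 action=login
2020-03-26T10:00:07Z src=198.51.100.9 dst_port=443 action=login
2020-03-26T10:00:09Z src=198.51.100.9 dst_port=22 action=login
2020-03-26T10:00:12Z src=2001:db8:10:1::7 dst_port=8443 action=login
2020-03-26T10:00:15Z src=192.0.2.77 dst_port=80 action=get
2020-03-26T10:00:20Z src=not-an-ip dst_port=443 action=login
"""

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst_port=(?P<port>\d+)")


def is_permitted(src, acl=MANAGEMENT_ACL):
    """True only if src lies inside one of the ACL networks.

    Addresses that do not parse are treated as denied rather than raising,
    so a malformed or spoofed field can never produce an 'allow'.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in acl)


def acl_weaknesses(acl):
    """Return the string form of any ACL entry that permits the whole
    address family (prefix length 0), which makes the whitelist meaningless."""
    return [str(net) for net in acl if net.prefixlen == 0]


def audit(log_text, acl=MANAGEMENT_ACL, ports=MANAGEMENT_PORTS):
    """Evaluate each log line that targets a management port against the ACL.

    Returns a list of (src, port, verdict) tuples; non-management traffic
    and lines that do not match the expected format are skipped.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        port = int(m.group("port"))
        if port not in ports:
            continue  # not a remote-administration service; ACL does not apply
        src = m.group("src")
        verdict = "allow" if is_permitted(src, acl) else "deny"
        findings.append((src, port, verdict))
    return findings


def denied_sources(log_text, acl=MANAGEMENT_ACL, ports=MANAGEMENT_PORTS):
    """Sorted, de-duplicated list of sources that hit a management port
    from outside the ACL; these are the attempts worth investigating."""
    return sorted({src for src, _, v in audit(log_text, acl, ports) if v == "deny"})


if __name__ == "__main__":
    for src, port, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:5} {src} -> tcp/{port}")
    print("denied sources:", denied_sources(SAMPLE_LOG))
    print("overly broad ACL entries:", acl_weaknesses([ipaddress.ip_network("0.0.0.0/0")]))
```

The `acl_weaknesses` check exists because an ACL entry of `0.0.0.0/0` (or `::/0`) is a common misconfiguration that silently re-opens administration to the whole internet; the audit treats an unparseable source as denied for the same reason an ACL should: the safe default is to block.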

Update Mailing List (UK/Ireland)

UK/Ireland users should subscribe to our mailing list in order to receive timely notifications of firmware or critical updates like this. As a general rule of best practice, always keep the firmware on all of your products up to date and check regularly for updates.


Disclaimer: Please check this web page again for any new/updated information. You are advised to always keep your product's firmware or software up-to-date and keep in touch with your vendors to be advised of any new vulnerabilities (for example by subscribing to mailing lists). The information in this web page is provided in good faith based on the information available to us at the current time, following an appropriate assessment but without acceptance of liability in the case of new, developing or existing threats or unlawful activity against your system. Any suggestions given above are provided as general information but should not be considered a thorough or specific assessment of your own individual security risks, and you should take formal advice from a security expert to assess your specific security needs. As with any advisory, the suggested advice forms part of your own security planning and protocols.

Please note that mail alerts on this issue will come from our domain "drayteknews.co.uk", not our web domain (draytek.co.uk). Both domains are legitimate and belong to us (DrayTek), but in line with anti-phishing measures, you're quite right to check.