OpenSSL vulnerability (CVE-2022-0778)

Released Date: 2022-04-27

A Denial-Of-Service Vulnerability In OpenSSL (CVE-2022-0778) has been found on On 15th March 2022. The BN_mod_sqrt() function in OpenSSL, which is used for parsing certificates contains a bug that can cause it to go into an endless loop. Our products are affected, the HTTPS server for management may stop working and result in a reboot when parsing or importing a maliciously crafted certificate. OpenSSL has released a security update to address the vulnerability. DrayTek will release new firmwares with security updates for OpenSSL vulnerability as follows.

Routers
Access Points
Switches

Model	Fixed Firmware Version	Download Link
Vigor3910	4.3.1.1
Vigor1000B	4.3.1.1
Vigor2962 Series	4.3.1.1
Vigor2927 Series	4.4.0
Vigor2927 LTE Series	4.4.0
Vigor2915 Series	4.3.3.2
Vigor2952 / 2952P	3.9.7.2
Vigor3220 Series	3.9.7.2
Vigor2926 Series	3.9.8.1
Vigor2926 LTE Series	3.9.8.1
Vigor2862 Series	3.9.8.1
Vigor2862 LTE Series	3.9.8.1
Vigor2620 LTE Series	3.9.8.1
VigorLTE 200n	3.9.8.1
Vigor3900	1.5.1.4
Vigor2960	1.5.1.4
Vigor300B	1.5.1.4
Vigor2133 Series	3.9.6.4
Vigor2762 Series	3.9.6.4
Vigor167	5.1.1
Vigor130	3.8.5
VigorNIC 132	3.8.5
Vigor165	4.2.4
Vigor166	4.2.4
Vigor2135 Series	4.4.2
Vigor2765 Series	4.4.2
Vigor2766 Series	4.4.2
Vigor2832	3.9.6
Vigor2865 Series	4.4.0
Vigor2865 LTE Series	4.4.0
Vigor2866 Series	4.4.0
Vigor2866 LTE Series	4.4.0

Model	Fixed Firmware Version	Download Link
VigorAP 802	1.4.5
VigorAP 1000C	1.4.3
VigorAP 1060C	1.4.6
VigorAP 903	1.4.4
VigorAP 912C	1.4.6
VigorAP 960C	1.4.4
VigorAP 918R Series	1.4.3
VigorAP 920R Series	1.4.3

Model	Fixed Firmware Version
VigorSwitch G2100	2.8.0
VigorSwitch P2100	2.8.0
VigorSwitch G2280x	2.8.0
VigorSwitch P2280x	2.8.0
VigorSwitch G2540x	2.8.0
VigorSwitch P2540x	2.8.0
VigorSwitch G2540xs	3.8.0
VigorSwitch P2540xs	3.8.0

Contact Technical Support

Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.