When DrayTek wireless products, such as wireless routers and access points, are used as wireless base stations, they are not affected by the KRACK (Key Reinstallation AttaCK) vulnerability; therefore patches or updates are not required. However, other devices connecting to DrayTek products and functioning as wireless clients (e.g., mobile phones, tablets, laptops, and etc.,) could be vulnerable. You should check with device vendors to determine if updates are needed.
When DrayTek products are used as wireless clients and access to the Internet with universal repeater or wireless WAN modes, the wireless traffic is susceptible to interception as the router or access point is acting as a wireless client. DrayTek will be releasing firmware updates to address the issue starting next week.
This vulnerability affects DrayTek routers with wireless WAN support, and access points with universal repeater mode or Station-Infrastructure support.
| Model | Fixed Firmware Version |
| Vigor2862 wireless series | 3.8.7 |
| Vigor2860 wireless series | 3.8.5.1 |
| Vigor2830v2 wireless series | 3.8.5 |
| Vigor2925 wireless series | 3.8.5 |
| Vigor2912 wireless series | 3.8.5 |
| Vigor2120 wireless series | 3.8.5 |
| VigorAP 910C | 1.2.3.1 |
| VigorAP 900 | 1.2.1.1 |
| VigorAP 902 | 1.2.3 |
| VigorAP 810 | 1.2.3 |
| VigorAP 710 | 1.2.3 |
| VigorAP 800 | 1.1.6.2 |
Routers that are not listed above are NOT affected by the KRACK vulnerability.
Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.