Are Vigor Routers affected by WPS PIN brute force vulnerability (VU#723755)?

Products affected and solutions

DrayTek products running DrayOS (which is most products sold) as well as the products launched after 2013 never supported WPS Router/AP PinCode, therefore are not at risk from this vulnerability. Products which support WPS Router/AP PinCode method are shown below. However, the feature was removed in the firmware version shown below (and later firmware). To avoid the WPS vulnerability for these models, please update the firmware to the versions shown below or later. Through firmware upgrade, Router/AP PinCode feature will be disabled in the WPS section.

• VigorFly 200: Firmware v1.0.6.1 or later
• VigorFly 210: Firmware v1.0.6.1 or later
• Vigor 2130 Series: Firmware 1.5.1.2 or later
• Vigor 2750 Series: Firmware 1.5.1.2 or later
• VigorAP 700 v1: Firmware 1.1.5 or later
• VigorAP 700 v2: Firmware 1.0.3 or later
• VigorAP 800: Firmware 1.0.3.1 or later

About WPS PIN brute force vulnerability

In 2011, a design flaw was found existed in Wi-Fi Protected Setup(WPS) specification for the Router/AP PinCode authentication, known as Wi-Fi Protected Setup (WPS) PIN brute force vulnerability (US-CERT VU#723755). This flaw reduces the attempts needed for the hackers to brute force the Router/AP PinCode to only 11,000 times, which makes the private network can be easily accessed. However, this vulnerability is only in the Router/AP PinCode method, Client PinCode or “Push Button” method is not affected and can continue to be used.