DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Heartbleed?

09 Apr 2014 16:51 #79614 by bluefin2105
Heartbleed? was created by bluefin2105
Is the VPN (or anything else) on the DrayTek 2820 vulnerable to the Heartbleed bug, and if so, will there be a fix forthcoming?

Thanks,

Pete C.

09 Apr 2014 20:18 #79615 by gbrown100
Replied by gbrown100 on topic Re: Heartbleed?
I would like to know this for all DrayTek models. As a reseller I will be calling the UK distributor tomorrow, but would appreciate anyone who finds out posting here ASAP. I have run the test against a 2860 web login and it passed. Often apps like OpenVPN come with their own OpenSSL, so that's not to say the OpenVPN isn't still vulnerable.

Graham

10 Apr 2014 01:03 #79619 by babis3g
Replied by babis3g on topic Re: Heartbleed?
Also, some sites using SSL may have a problem?
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt

To check if a site is still vulnerable, you may use the tool at:
http://filippo.io/Heartbleed/

10 Apr 2014 10:38 #79622 by mordorf
Replied by mordorf on topic Re: Heartbleed?
The good news is that, despite a vulnerability scanner showing the DrayTek 2850vn as vulnerable, when I try to actually exploit both the SSL VPN and the HTTPS administration ports I can't complete the exploit successfully, so it seems that the 2850 running firmware version 3.6.6 isn't actually susceptible. Can someone please verify my findings, just to be sure?

10 Apr 2014 12:56 #79627 by pic-o
Replied by pic-o on topic Re: Heartbleed?
I have tested my 2860 today. I run 3.7.4.1
Using this online service:
https://pentest-tools.com/vulnerability-scanning/openssl-heartbleed-scanner/
The result is:
Starting query... [2014-04-10 11:56:49] Stay on this page for results!

Scanning target x.y.z.w ...
Found 1 servers with port 443 open
Checking for OpenSSL Heartbleed vulnerability...

x.y.z.w NOT Vulnerable

10 Apr 2014 13:13 #79628 by babis3g
Replied by babis3g on topic Re: Heartbleed?
Are you typing your own internet IP address? From the web, whatismyipaddress.com?

Moderators: Sami