DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
700,000 DrayTek Routers at Risk from Critical Vulnerabilities!
15 Nov 2024 09:33 #104146
by Andy
The UK site yesterday added firmware 4.4.5.7 (Regular) for the 2927, but the global site lists 4.4.5.8 (Critical) for various models? What is going on, DrayTek?
15 Nov 2024 09:37 #104147
by ianfretwell
It's simpler to just use the global site and forget the UK one - it's nearly always miles behind.
And at the end of the day, other than a minor modem code change (that never seems to make any operational difference anyway), the global STD firmware is just fine for UK use.
15 Nov 2024 09:39 #104148
by Andy
You might be right but I have always been told to stick to the UK site for firmware. Last thing I want to do is remote upgrade a firmware on a router using VDSL and it not come back online.
15 Nov 2024 09:41 - 15 Nov 2024 09:42 #104149
by ianfretwell
By who though? - it's just firmware - if you find a problem/issue just put the BT one back on. Your config is unaffected.
You either want the security fixes or you don't - it's pretty much as simple as that.
And remote upgrading firmware is a gamble pure and simple - there's just as much chance of it stalling with the BT firmware as the STD one.
Last edit: 15 Nov 2024 09:42 by ianfretwell.
15 Nov 2024 09:49 - 15 Nov 2024 09:54 #104150
by ianfretwell
It really is a bit of a joke when the release notes for that 2927 4.4.5.7 say this:
READ BEFORE UPGRADING
Vigor 2927Lac and Vigor 2927Lax-5G models only
The LTE connection may fail if the SIM card requires a PIN code. For routers relying solely on the LTE connection, it is recommended to skip this firmware version and use the next release.
So they've essentially released a known-to-be-broken firmware when the very wording implies that 4.4.5.8 (which already exists) isn't broken... I mean, why do this?
The 4.4.5.8_STD release notes then state (released only a day after the 4.4.5.7_STD - so they obviously spotted it straight away I guess):
Improved: Improve the Web GUI Security.
Corrected: An issue with incorrect IP conflict warnings.
Corrected: An issue with failure to establish LTE connection when SIM card with enabled PIN code.
Last edit: 15 Nov 2024 09:54 by ianfretwell.
15 Nov 2024 09:55 #104151
by Andy
Support have always said to use the UK site and when I went on the DrayTek training course a few years ago they said the same. The UK site firmware is supposed to be customised for the UK and with UK modem codes. It might make very little difference these days but if that's the case why have a specific UK version?
In regards to remote updating, yes it's always a risk, but why add to that risk by using a firmware version that isn't intended for the country you are in?
Regarding the LTE PIN issue - this is just another example of the poor quality firmware releases we have seen this year. I mean, how did they not realise a couple of months ago that the firmware broke the QoS page? That's basic QA testing.