Home > About > Security Advisory >

OpenSSL vulnerability (CVE-2022-0778)

Released Date: 2022-04-27

A Denial-Of-Service Vulnerability In OpenSSL (CVE-2022-0778) has been found on On 15th March 2022. The BN_mod_sqrt() function in OpenSSL, which is used for parsing certificates contains a bug that can cause it to go into an endless loop. Our products are affected, the HTTPS server for management may stop working and result in a reboot when parsing or importing a maliciously crafted certificate. OpenSSL has released a security update to address the vulnerability. DrayTek will release new firmwares with security updates for OpenSSL vulnerability as follows.

  • Routers
  • Access Points
  • Switches
Model Fixed Firmware Version
Vigor3220 Series
Vigor2962 Series
Vigor2952 / 2952P
Vigor2927 Series 4.4.0
Vigor2927 LTE Series 4.4.0
Vigor2926 Series
Vigor2926 LTE Series
Vigor2925 Series 3.9.2
Vigor2925 LTE Series 3.9.2
Vigor2915 Series
Vigor2912 3.8.15
Vigor2866 Series 4.4.0
Vigor2866 LTE Series 4.4.0
Vigor2865 Series 4.4.0
Vigor2865 LTE Series 4.4.0
Vigor2862 Series
Vigor2862 LTE Series
Vigor2860 Series 3.9.2
Vigor2860 LTE Series 3.9.2
Vigor2766 Series 4.4.2
Vigor2765 Series 4.4.2
Vigor2762 Series
Vigor2760 Series
Vigor2620 LTE Series
VigorLTE 200n
Vigor2135 Series 4.4.2
Vigor2133 Series
Vigor167 5.1.1
Vigor166 4.2.4
Vigor165 4.2.4
VigorNIC 132 3.8.5
Vigor130 3.8.5
Model Fixed Firmware Version
VigorAP 1000C 1.4.3
VigorAP 802 1.4.5
VigorAP 903 1.4.4
VigorAP 912C 1.4.6
VigorAP 918R Series 1.4.3
VigorAP 920R Series 1.4.3
VigorAP 960C 1.4.4
VigorAP 1060C 1.4.6
Model Fixed Firmware Version
VigorSwitch G1282 2.7.3
VigorSwitch P1282 2.7.3
VigorSwitch G2100 2.7.3
VigorSwitch P2100 2.7.3
VigorSwitch G2280x 2.7.3
VigorSwitch P2280x 2.7.3
VigorSwitch G2540x 2.7.3
VigorSwitch P2540x 2.7.3
VigorSwitch G2540xs 3.7.3
VigorSwitch P2540xs 3.7.3
VigorSwitch FX2120 3.7.3
Contact Technical Support

Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.