FragAttacks vulnerability on WiFi Products

Released Date: 2021-06-04

"FragAttacks” Wi-Fi vulnerability is manufacturer-independent and affects various wireless devices such as smartphones, notebooks, routers, and game consoles. We are not aware of unauthorized exploitation of FragAttacks, which might only occur in the direct physical proximity of the Wi-Fi network. The security of services such as mail or apps that perform encryption using TLS protocols, or internet connection via HTTPS pages, is not affected by the vulnerability. Based on current knowledge, practical effects of FragAttacks are unlikely.

DrayTek has released new firmware with security updates against FragAttacks.

Model	Fixed Firmware Version	Download Link
Vigor2135ac	4.3.1.1
Vigor2620Ln	3.9.7
Vigor2760 Delight	3.8.9.5
Vigor2765ac / 2765Vac	4.3.1.1
Vigor2862n / Vigor2862ac / 2862Vac / Vigor2862Bn / 2862Ln / 2862Lac	3.9.6.2
Vigor2865ac / 2865Vac / 2865Lac	4.3.1.1
Vigor2927ac / 2927Vac / 2927Lac	4.2.4.1
Vigor2915ac	4.3.2.1
VigorLTE 200n	3.9.7
VigorAP 1060C	1.4.3
VigorAP 710	1.3.4
VigorAP 802	1.4.2
VigorAP 810	1.3.4
VigorAP 902	1.3.4
VigorAP 903	1.4.2
VigorAP 910C	1.3.4
VigorAP 912C	1.4.2
VigorAP 960C	1.4.2
VigorAP 918R Series	1.4.2
VigorAP 920R Series	1.4.2

Further updates for the following products will follow soon.

Model	Fixed Firmware Version
VigorAP 920C	TBD
VigorAP 1000C	TBD

For the EOL models with chips and drivers no longer supported by WiFi chip vendors, we recommend that users follow the general security practices below or upgrade to the new models.

Enable WPA2/WPA3 for wireless connections.
Use strong, unique WiFi passwords for each SSID, and change them regularly.
Use the applications with encryption.

Contact Technical Support

Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.