In October 2017, researchers studying the DNSMasq code/protocol discovered various vulnerabilities. DNSMasq is widely used in networking products, Linux distributions, embedded products, mobile phones, and IoT devices. The vulnerabilities are logged under the following references: CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, and CVE-2017-13704.
No DrayTek products operating DrayOS are affected by this issue and they do not use DNSMasq. DrayOS is our own proprietary operating system which does not have 3rd party library dependencies.
Our Linux-based products (Vigor 2960 & Vigor 3900) will have updated firmware released ASAP as firmware version 1.3.2. Please download and install that as soon as it is released. Even if your product is not affected by this issue, you should still always keep your products up to date with the latest firmware which may provide other enhancements or security improvements.
Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.