DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Critical Firmware Release

04 Jan 2017 10:07 #1 by qwaz01
Critical Firmware Release was created by qwaz01
Does anyone have any information regarding the critical firmware release for almost all DrayTek routers? The fact they have released updates for even the old v2820 makes me think it must be a big issue.

The firmware notes only say the following...

Security improvements including one or more considered critical.

Any ideas? Just wondering how big an issue it is?

04 Jan 2017 10:37 #2 by admin
Replied by admin on topic Re: Critical Firmware Release
Well, I'd say it shouldn't make any difference to your actions so it's somewhat moot; if it says 'critical', upgrade...and if it's a big bug, them telling people what it is makes people (who don't upgrade) less secure because most people don't read newsletters, check for new f/w etc, or even go into their WUI ever!



Forum Administrator

04 Jan 2017 11:24 #3 by sjltech.uk
Replied by sjltech.uk on topic Re: Critical Firmware Release
Just applied the latest firmware to a pair of 2952s running in HA (hot-standby) mode and it breaks things!
To be specific, I have all of the DoS options enabled, and if "Enable ICMP flood defense" is enabled, the routers go into a continuous reboot loop.
Will report this back to DrayTek - bit disappointed 'cos I've been beta testing firmware for precisely this issue (and the last beta I had resolved it)
Also, the "Force Router to use DNS server..." in LAN >> General Setup STILL doesn't have an option to select the LAN (again, reported several times in testing)
Cheers
Simon
PS Might post a separate post for the 2952 issue specific to the new firmware

04 Jan 2017 11:45 #4 by qwaz01
Replied by qwaz01 on topic Re: Critical Firmware Release

admin wrote: Well, I'd say it shouldn't make any difference to your actions so it's somewhat moot; if it says 'critical', upgrade...and if it's a big bug, them telling people what it is makes people (who don't upgrade) less secure because most people don't read newsletters, check for new f/w etc, or even go into their WUI ever!



I agree, just wondered if it's something that affects every router out of the box or only routers that then have a specific feature enabled; sometimes security flaws can be very niche.

05 Jan 2017 15:33 #5 by aweaton
Replied by aweaton on topic Re: Critical Firmware Release

admin wrote: Well, I'd say it shouldn't make any difference to your actions so it's somewhat moot; if it says 'critical', upgrade...and if it's a big bug, them telling people what it is makes people (who don't upgrade) less secure because most people don't read newsletters, check for new f/w etc, or even go into their WUI ever!



Personally I don't really buy that. It is not difficult for malicious groups to reverse engineer the differences between firmware codes.
Industry best practice is to advise what the issue is and offer a patch/fix. DrayTek have done the latter but not the former.

DrayTek products are not cheap consumer devices and business customers expect more information before applying firmware updates.

06 Jan 2017 08:22 #6 by aweaton
Replied by aweaton on topic Re: Critical Firmware Release
So I bit the bullet and upgraded anyway as the upgrade is deemed critical.

Feedback so far:
- Upgrade was carried out with no issue
- Large overnight traffic (>40GB) over router-based VPN successful. Completed 2 hours before the following issue occurred.
- This morning between 5:31am and 7:03am the router repeatedly lost WAN1 (VDSL2) connection every 3 minutes. Could be coincidental but appeared to be resolved after a hard reboot.

I will keep an eye on this.
