Hi all

We have a Draytek 3900 running fw 1.3.0. Our vulnerability scanner has picked up an issue with the implementation of SSH. Is there a way to report this to Draytek HQ and have them look at patching?

For now we've disabled SSH, but really such a thing should be resolved for those people who need SSH support.

Here's the vulnerability report.




Dropbear SSH Multiple Vulnerabilities
Risk:Serious
Application:ssh
Port:22
Protocol:tcp
ScriptID:106381
Vulnerability Detection Result: Installed version: 0.49 Fixed version: 2016.74
Summary: Dropbear SSH is prone to multiple vulnerabilities.
CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact: An authenticated attacker may run arbitrary code.
Solution: Update to 2016.74 or later.
Vulnerability Detection Method: Checks the version.
Affected Software/OS: Dropbear SSH 2016.73 and prior.

oliverm2 wrote: Is there a way to report this to Draytek HQ and have them look at patching?

It's here: http://www.draytek.co.uk/support/techquery