stonehorse
Advisor
5 years ago
Solved

SSLv2-Drown Vulnerability

I did a network scan earlier today and the result was telling me the Actiontec T3200M modem/router is at high risk for SSLv2-Drown. The recommendation was to update the firmware. Logging into the router, I can find the firmware version (31.164.L.18) and date (12/11/2018) but I can find no way to check for updates. Is this something that only Telus can do?

  • Nighthawk
    5 years ago

    The Drown vulnerability has nothing to do with your router. It has to do with the encryption over the internet between your PC or device and a target server outside your network. The vulnerability comes from the target server you connect to that is utilizing the older SSLv2 encryption. Telus doesn't allow users to log in to their gateways remotely, so there isn't a risk of this exploit being used there. If you have a server hosted somewhere, then you'd definitely want to ensure the configuration has SSLv2 disabled.
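An added example, not part of the original thread and not Telus or vendor tooling: a small Python check for the last point in the answer above, that a server you host has SSLv2 disabled. It reads Apache `SSLProtocol` and nginx `ssl_protocols` lines; the sample config is constructed, and Apache's `all` is assumed to carry its Apache 2.2 meaning, where it includes SSLv2.

```python
import re

# Real directive names: Apache mod_ssl `SSLProtocol`, nginx `ssl_protocols`.
# Commented-out lines do not match because the directive must start the line.
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|ssl_protocols)\s+([^#;]+)", re.IGNORECASE)

# Constructed sample config, not taken from any real server.
SAMPLE = """\
# constructed sample
SSLProtocol all -SSLv3
SSLProtocol all -SSLv2 -SSLv3
# SSLProtocol +SSLv2
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_protocols TLSv1.2 TLSv1.3;
"""

def sslv2_enabled(tokens, apache):
    """Apply protocol tokens left to right; report whether SSLv2 ends up on."""
    enabled = False
    for tok in tokens:
        sign = "-" if tok.startswith("-") else "+"
        name = tok.lstrip("+-").lower()
        # Assumption: Apache 'all' is read as on Apache 2.2 (includes SSLv2).
        # Apache 2.4 dropped SSLv2, so there this is a conservative reading.
        if name == "sslv2" or (apache and name == "all"):
            enabled = (sign == "+")
    return enabled

def audit(config_text):
    """Return (line_number, line) for each directive that leaves SSLv2 on."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        apache = m.group(1).lower() == "sslprotocol"
        if sslv2_enabled(m.group(2).split(), apache):
            findings.append((lineno, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, text in audit(SAMPLE):
        print(f"line {lineno}: SSLv2 not disabled: {text}")
```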

  • Normally updates are pushed to the modem automatically. There isn’t any way you can “check” for an update to install.

    • stonehorse
      Advisor

      Got it. So Telus doesn't feel this particular vulnerability is a high-risk issue?
