01-04-2021 11:10 PM
I did a network scan earlier today and the result was telling me the Actiontec T3200M modem/router is at high risk for SSLv2-Drown. The recommendation was to update the firmware. Logging into the router, I can find the firmware version (31.164.L.18) and date (12/11/2018) but I can no way to check for updates. Is this something that only Telus can do?
Solved! Go to Solution.
01-05-2021 01:02 AM - edited 01-05-2021 01:02 AM
The Drown vulnerability has nothing to do with your router. It has to do with the encryption over the internet between your PC or device and a target server outside your network. The vulnerability comes from the target server you connect to that is utilizing the older SSLv2 encryption. Telus doesn't allow users to remotely log in to their gateways remotely so there isn't a risk of this exploit being used there. If you have a server hosted somewhere, then you'd definitely want to ensure the configuration has SSLv2 disabled.
01-04-2021 11:21 PM
Normally updates are pushed to the modem automatically. There isn’t any way you can “check” for an update to install.
01-04-2021 11:48 PM
Got it. So Telus doesn't feel this particular vulnerability is an high risk issue?
01-05-2021 01:02 AM - edited 01-05-2021 01:02 AM
The Drown vulnerability has nothing to do with your router. It has to do with the encryption over the internet between your PC or device and a target server outside your network. The vulnerability comes from the target server you connect to that is utilizing the older SSLv2 encryption. Telus doesn't allow users to remotely log in to their gateways remotely so there isn't a risk of this exploit being used there. If you have a server hosted somewhere, then you'd definitely want to ensure the configuration has SSLv2 disabled.
01-05-2021 10:13 AM
Thank you for the detailed reply, much appreciated. 😊