Security Advisory: Spectre & Meltdown CPU Vulnerabilities


Security Advisory: Spectre & Meltdown CPU Vulnerabilites

In January 2018, a general alert/disclosure was released regarding potential vulnerabilities in CPUs.produced by most major vendors (though not affecting all CPUs) but particularly of concern to high power CPUs used in servers and PCs.

These vulnerabilities have been called Spectre and Meltdown. To implement an attack, rogue code has to be installed and executed on the target device (PC, laptop, phone etc). It can also affect CPUs/devices which are running cloud services. To implement an attack, an attacker has to secretly install software, get you to download an infected apps or run client-side web code delivered in a browser on the target device.

The vulnerabilities have been identified by several reference numbers, including Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715 and also EXPLOIT-DB:43427). As information is an evolving, there may be more.

DrayTek Products

No DrayTek products are vulnerable to Meltdown or Spectre. This includes routers, modems, switches and wireless access points. None of our products use affected CPUs. In addition, DrayTek products operate under a closed ecosystem; it is not possible to install additional apps or code into any of our hardware products which would be a pre-requisite for either of these vulnerabilities.

Advice Regarding other Services / Products (non-DrayTek)

You should check equivalent statements/advisories from the providers of all of your other networking hardware vendors, servers, PCs, web service providers and ISPs and then follow the advice of each of them regarding any necessary precautions or updates.

Disclaimer : Please check this web page again for any new/updated information. You are advised to always keep your product's firmware or software up-to-date and keep in touch with your vendors to be advised of any new vulnerabilities (for example by subscribing to mailing lists). The information is this web page is provided in good faith based on the the information available to us at the current time, following an appropriate assessment but without acceptance of liability in the case of new, developing or existing threats or unlawful activity against your system. Any suggestions given above are provided as general information but should not be considered a thorough or specific assessment of your own individual security risks and you should take formal advice from a security expert to assess your specific security needs. As with any advisory, the suggested advice forms part of your own security planning and protocols.