Peplink Security Advisory: FREAK Vulnerability (CVE-2015-0204)


#1

Security Advisory: FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204)
On March 3, 2015, a vulnerability in SSL/TLS was made public https://freakattack.com/. We have evaluated our products and online services to assess the impact of this vulnerability.

Products:

Firmware versions 5.3.x and above are not affected. Product series include: Balance, MAX, FusionHub, Surf SOHO and MediaFast.
AP series: Affected. A security update, version 3.5.1 has been made available for download - please see below.

Services:

incontrol2.peplink.com: Not affected.
store.peplink.com: Not affected.
forum.peplink.com: Not affected.

peplink.com: Resolved.
secure.peplink.com: Resolved.
Product demos: Resolved.

Resolution:

Administrators are advised to keep the firmware up to date.

For AP One AC mini: http://download.peplink.com/firmware/apone/fw-aponeac-3.5.1.zip
For All other AP series: http://download.peplink.com/firmware/apone/fw-apone_appro-3.5.1.zip
For all other products: http://www.peplink.com/support/downloads/

For our online services (website, online store, user forum, InControl), security update has already been applied to resolve all issues relating to this vulnerability.

Thank you for your attention.

The Peplink Team


#2

#3