Security Advisory: SSLv3 POODLE Vulnerability (CVE-2014-3566)
Recently, a vulnerability in the design of SSL version 3.0 was made public](Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback). We have evaluated our products and online services for the impact of this vulnerability.
For our router and AP products, we confirm that SSLv3 is one of the supported protocols for the web admin UI that is using HTTPS.
Temporary Resolution
As a security recommendation, we urge our customers to disable SSLv3 wherever possible, especially in web browsers. Detailed instructions can be found here](ssl - Disable SSLv3 in major browsers - Super User) (credit: superuser.com).
Permanent Resolution
Peplink is working on a permanent fix that will be included in:
- Balance/MAX/MediaFast/FusionHub/Surf SOHO Firmware 6.2 (expected in late Dec)
- AP Firmware 3.5.1 (expected in late Dec)
For our online services (online store, user forum, InControl), we have applied mitigation to fully resolve the issue.
Thank you for your attention.
The Peplink Team