Security Advisory


A vulnerability related to the disclosure of sensitive information has been discovered, potentially allowing an unauthenticated attacker to retrieve the router’s information through a specified POST request.

DrayTek has addressed this issue and released firmware updates for affected routers. Affected router models and updated firmware versions are listed below:

Model Fixed Firmware Version
Vigor2620 LTE 3.9.8.7
VigorLTE 200n 3.9.8.7
Vigor2133 3.9.7
Vigor2135 4.4.3.2*
Vigor2762 3.9.7
Vigor2763 4.4.3.2*
Vigor2765 4.4.3.2
Vigor2766 4.4.3.2*
Vigor2832 3.9.7
Vigor2860 / 2860 LTE 3.9.6
Vigor2862 / 2862 LTE 3.9.9.3
Vigor2865 / 2865 LTE 4.4.5*
Vigor2866 / 2866 LTE 4.4.5*
Vigor2915 4.4.3.1
Vigor2925 / 2925 LTE 3.9.6
Vigor2926 / 2926 LTE 3.9.9.3
Vigor2927 / 2927 LTE 4.4.5
Vigor2952 / 2952P 3.9.8.1
Vigor2962 4.3.2.6
Vigor3220 3.9.8.1
Vigor3910 4.3.2.6
Vigor3912 4.3.5.1

*Firmware not yet available

Firmware for these router models is available for download at https://www.draytek.com.au/support/downloads/
 


Latest Firmware


 

Vigor2765 V4.4.3.2
Improvements

  • Improve Web GUI Security (CVE-2024-23721).
  • Fixed: Failure to login web when the WAN was up

Click here to download the firmware.