We’d like to inform you of a confirmed vulnerability affecting some DrayTek products, which the manufacturer identified during testing.

Best practice is always to keep firmware up to date, but DrayTek strongly recommend that you check that affected units are running at least the firmware version listed in the table below.

If the model is not listed below, it is not affected by this vulnerability.

 

| Affected Model | Fixed Firmware Version |
|---|---|
| Vigor3910 | 4.3.1.1 |
| Vigor2962 Series | 4.3.1.1 |
| Vigor2927 Series | 4.4.0 |
| Vigor2927 LTE Series | 4.4.0 |
| Vigor2915 Series | 4.3.3.2 |
| Vigor2866 Series | 4.4.0 |
| Vigor2866 LTE Series | 4.4.0 |
| Vigor2865 Series | 4.4.0 |
| Vigor2865 LTE Series | 4.4.0 |
| Vigor2862 Series | 3.9.8.1 |
| Vigor2862 LTE Series | 3.9.8.1 |
| Vigor2832 | 3.9.6.1 |
| Vigor2766 Series | 4.4.2 |
| Vigor2765 Series | 4.4.2 |
| Vigor2762 Series | 3.9.6.4 |
| Vigor2620 LTE Series | 3.9.8.1 |
| VigorLTE 200n | 3.9.8.1 |
| Vigor2135 Series | 4.4.2 |
| Vigor1000B | 4.3.1.1 |
| Vigor166 | 4.2.4 |
| Vigor165 | 4.2.4 |
| Vigor3220 Series | 3.9.7.2 |
| Vigor2952 / 2952P | 3.9.7.2 |
| Vigor2926 Series | 3.9.8.1 |
| Vigor2926 LTE Series | 3.9.8.1 |
| Vigor2925 Series | 3.9.2 |
| Vigor2925 LTE Series | 3.9.2 |
| Vigor2912 | 3.8.15 |
| Vigor2860 Series | 3.9.2 |
| Vigor2860 LTE Series | 3.9.2 |
| Vigor2133 Series | 3.9.6.4 |

Recommended actions

  1. If you have not already upgraded, update your firmware immediately. Before upgrading, take a backup of your current config in case you need to restore it later (System Maintenance -> Config Backup). Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware, please check the release notes carefully for any upgrade instructions.
  2. If you have remote access enabled on your router, disable it if you don’t need it, and use an access control list and 2FA if possible. If your unit is not already running patched firmware (see table above), disable remote access (admin) and SSL VPN. The ACL does not apply to SSL VPN connections (port 443), so you should also temporarily disable SSL VPN until you have updated the firmware.
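To run the table check across several units at once, the following added example (not DrayTek's or the notice author's code) compares each unit's running firmware with the fixed version for its model. The inventory, the status names and the function names are assumptions made for illustration; versions are compared numerically, because a plain string comparison would rank 3.9.10 below 3.9.8.1.

```python
import re

# Added example. Minimum fixed firmware per model, transcribed from the table above
# ("Series" dropped; the "Vigor2952 / 2952P" row is split into two keys).
FIXED = {
    "Vigor3910": "4.3.1.1", "Vigor2962": "4.3.1.1", "Vigor1000B": "4.3.1.1",
    "Vigor2927": "4.4.0", "Vigor2927 LTE": "4.4.0", "Vigor2866": "4.4.0",
    "Vigor2866 LTE": "4.4.0", "Vigor2865": "4.4.0", "Vigor2865 LTE": "4.4.0",
    "Vigor2915": "4.3.3.2", "Vigor2766": "4.4.2", "Vigor2765": "4.4.2",
    "Vigor2135": "4.4.2", "Vigor166": "4.2.4", "Vigor165": "4.2.4",
    "Vigor2862": "3.9.8.1", "Vigor2862 LTE": "3.9.8.1", "Vigor2926": "3.9.8.1",
    "Vigor2926 LTE": "3.9.8.1", "Vigor2620 LTE": "3.9.8.1", "VigorLTE 200n": "3.9.8.1",
    "Vigor2832": "3.9.6.1", "Vigor2762": "3.9.6.4", "Vigor2133": "3.9.6.4",
    "Vigor3220": "3.9.7.2", "Vigor2952": "3.9.7.2", "Vigor2952P": "3.9.7.2",
    "Vigor2925": "3.9.2", "Vigor2925 LTE": "3.9.2", "Vigor2860": "3.9.2",
    "Vigor2860 LTE": "3.9.2", "Vigor2912": "3.8.15",
}

def norm(model):
    """Drop 'Series', whitespace and case so 'Vigor2927 Series' matches 'Vigor2927'."""
    return re.sub(r"series|\s+", "", model, flags=re.I).lower()

_FIXED = {norm(k): v for k, v in FIXED.items()}

def parse(version):
    """Dotted numeric version -> tuple of ints; anything else is rejected."""
    if not re.fullmatch(r"\d+(\.\d+)*", version.strip()):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in version.strip().split("."))

def audit(model, running):
    """Return 'not-listed', 'patched', 'upgrade' or 'check-manually' for one unit."""
    fixed = _FIXED.get(norm(model))
    if fixed is None:
        return "not-listed"  # per the notice, unlisted models are not affected
    try:
        have, need = parse(running), parse(fixed)
    except ValueError:
        return "check-manually"  # suffixed or odd version strings: do not guess
    width = max(len(have), len(need))  # pad so 4.4 compares equal to 4.4.0
    have, need = (t + (0,) * (width - len(t)) for t in (have, need))
    return "patched" if have >= need else "upgrade"

# Constructed sample inventory: (site, model, running firmware).
INVENTORY = [("head-office", "Vigor2927 Series", "4.3.2"), ("lab", "OtherVendor-AP", "1.0"),
             ("warehouse", "Vigor2862 LTE", "3.9.10"), ("branch", "Vigor2866", "4.4")]
for site, model, fw in INVENTORY:
    print(f"{site}\t{model}\t{fw}\t{audit(model, fw)}")
```

Units reported as `upgrade` are the ones step 2 applies to: keep remote admin and SSL VPN disabled on them until the firmware is updated.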

 

If you would like to discuss this further, or require our assistance in ensuring your equipment is secure, please contact customer services on:

01604 673320 | delight@dbfb.co.uk