Many popular DrayTek routers, including the popular Vigor 130 to 166 modems, have received an important security update.
All affected devices are (with the specified, fixed firmware version):
| Vigor3910 | 4.3.2.2 |
| Vigor3220 Series | 3.9.7.4 |
| Vigor2962 Series | 4.3.2.2 |
| Vigor1000B | 4.3.2.2 |
| Vigor2952 / 2952P | 3.9.7.4 |
| Vigor2927 Series | 4.4.2.3 |
| Vigor2927 LTE Series | 4.4.2.3 |
| Vigor2926 Series | 3.9.9.1 |
| Vigor2926 LTE Series | 3.9.9.1 |
| Vigor2925 Series | 3.9.4 |
| Vigor2925 LTE Series | 3.9.4 |
| Vigor2915 Series | 4.4.2.1 |
| Vigor2866 Series | 4.4.1.1 |
| Vigor2866 LTE Series | 4.4.1.1 |
| Vigor2865 Series | 4.4.1.1 |
| Vigor2865 LTE Series | 4.4.1.1 |
| Vigor2862 Series | 3.9.9.1 |
| Vigor2862 LTE Series | 3.9.9.1 |
| Vigor2860 Series | 3.9.4 |
| Vigor2860 LTE Series | 3.9.4 |
| Vigor2832 Series | 3.9.6.3 |
| Vigor2766 Series | 4.4.2.1 |
| Vigor2765 Series | 4.4.2.1 |
| Vigor2763 Series | 4.4.2.2 |
| Vigor2762 Series | 3.9.6.5 |
| Vigor2135 Series | 4.4.2.1 |
| Vigor2133 Series | 3.9.6.5 |
| Vigor166 | 4.2.4.1 |
| Vigor165 | 4.2.4.1 |
| Vigor130 | 3.8.5.1 |
| VigorNIC 132 | 3.8.5.1 |
The error was CVE-2023-23313, a Cross- Site scripting vulnerability exposed in the Hotspot Web Portal and in the user management of the affected devices.
You can download the new firmware for your devices right here.
