Firmware security update for many DrayTek routers

draytek firmware update

Security updates for DrayTek Routers.

Many popular DrayTek routers, including the popular Vigor 130 to 166 modems, have received an important security update.

All affected devices are (with the specified, fixed firmware version):

Vigor39104.3.2.2
Vigor3220 Series3.9.7.4
Vigor2962 Series4.3.2.2
Vigor1000B4.3.2.2
Vigor2952 / 2952P3.9.7.4
Vigor2927 Series4.4.2.3
Vigor2927 LTE Series4.4.2.3
Vigor2926 Series3.9.9.1
Vigor2926 LTE Series3.9.9.1
Vigor2925 Series3.9.4
Vigor2925 LTE Series3.9.4
Vigor2915 Series4.4.2.1
Vigor2866 Series4.4.1.1
Vigor2866 LTE Series4.4.1.1
Vigor2865 Series4.4.1.1
Vigor2865 LTE Series4.4.1.1
Vigor2862 Series3.9.9.1
Vigor2862 LTE Series3.9.9.1
Vigor2860 Series3.9.4
Vigor2860 LTE Series3.9.4
Vigor2832 Series3.9.6.3
Vigor2766 Series4.4.2.1
Vigor2765 Series4.4.2.1
Vigor2763 Series4.4.2.2
Vigor2762 Series3.9.6.5
Vigor2135 Series4.4.2.1
Vigor2133 Series3.9.6.5
Vigor1664.2.4.1
Vigor1654.2.4.1
Vigor1303.8.5.1
VigorNIC 1323.8.5.1

The error was CVE-2023-23313, a Cross- Site scripting vulnerability exposed in the Hotspot Web Portal and in the user management of the affected devices.

You can download the new firmware for your devices right here.

Leave a Reply

Your email address will not be published. Required fields are marked *

Close