A vulnerability related to the disclosure of sensitive information has been discovered, which could potentially allow an unauthenticated attacker to retrieve router's information through a specified POST request. We have promptly addressed this issue and released corresponding firmware updates that incorporate necessary security enhancements.
| Model | Fixed Firmware Version |
|---|---|
| Vigor2620 LTE | 3.9.8.7 |
| VigorLTE 200n | 3.9.8.7 |
| Vigor2133 | 3.9.7 |
| Vigor2135 | 4.4.3.2 |
| Vigor2762 | 3.9.7 |
| Vigor2763 | 4.4.3.2 |
| Vigor2765 | 4.4.3.2 |
| Vigor2766 | 4.4.3.2 |
| Vigor2832 | 3.9.7 |
| Vigor2860 / 2860 LTE | 3.9.6 |
| Vigor2862 / 2862 LTE | 3.9.9.3 |
| Vigor2865 / 2865 LTE | 4.4.5 |
| Vigor2866 / 2866 LTE | 4.4.5* |
| Vigor2915 | 4.4.3.1 |
| Vigor2925 / 2925 LTE | 3.9.6 |
| Vigor2926 / 2926 LTE | 3.9.9.3 |
| Vigor2927 / 2927 LTE | 4.4.5 |
| Vigor2952 / 2952P | 3.9.8.1 |
| Vigor2962 | 4.3.2.6 |
| Vigor3220 | 3.9.8.1 |
| Vigor3910 | 4.3.2.6 |
| Vigor3912 | 4.3.5.1 |
*Firmware unreleased
We would like to express our appreciation to the CataLpa from Dbappsecurity Co. Ltd. for their efficient testing and timely reporting.
Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.