DrayTek Security Advisory

DrayTek is committed to ensuring the security and stability of our products and service systems. Our Product Security Incident Response Team (PSIRT) takes a proactive approach to protect the security and privacy of our valued customers. You can refer to our Vulnerability Disclosure Policy for further guidance and information in the event of reporting a vulnerability.

Recently Released

Advisory Affected Products Release Date
Information Disclosure Vulnerability (CVE-2024-23721) Routers 2024-03-27
Format string vulnerability (CVE-2023-31447) Routers 2023-08-23
Cross-Site Scripting vulnerability (CVE-2023-23313) Routers 2023-03-02
DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548) Routers 2022-08-04
OpenSSL vulnerability (CVE-2022-0778) Routers / APs / Switches 2022-04-27
Log4Shell Vulnerability (CVE-2021-4104 / CVE-2021-44228 / CVE-2021-45046 / CVE-2021-45105 ) none 2021-12-14
VigorConnect software security Vulnerability (CVE-2021-20123 - CVE-2021-20129) VigorConnect 2021-10-15
Improve WebUI security for Vigor3910 and Vigor2962 Series Vigor3910/2962 2021-07-08
FragAttacks vulnerability on WiFi Products Wi-Fi Routers / APs 2021-06-04
Vigor3900 / Vigor2960 / Vigor300B Remote code injection/execution Vulnerability (CVE-2020-19664) Linux Routers 2021-01-08
Vigor3900 / Vigor2960 / Vigor300B Stack-based buffer overflow Vulnerability (CVE-2020-14473 / CVE-2020-14993) Linux Routers 2020-06-24
Vigor3900 / Vigor2960 / Vigor300B Remote code injection/execution Vulnerability (CVE-2020-14472 / CVE-2020-15415) Linux Routers 2020-06-24
Vigor3900 / Vigor2960 / Vigor300B Stack-based buffer overflow Vulnerability (CVE-2020-10823 ~ CVE-2020-10828) Linux Routers 2020-04-08
Vigor3900 / Vigor2960 / Vigor300B Router Web Management Page Vulnerability (CVE-2020-8515) Linux Routers 2020-02-10
DrayTek Router Web Management Page Vulnerability DrayOS Routers 2018-05-18
ROBOT Attack Vulnerability VU#144389 none 2017-12-20
DNSMasq Vulnerability Linux Routers 2017-11-08
WPA2 KRACK Vulnerability Selected wireless Routers and APs 2017-10-18
Shellshock Bug (CVE-2014-6271) none 2014-09-28