Home > About > Security Advisory >

Information Disclosure Vulnerability (CVE-2024-23721)

Released Date: 2024-03-27

A vulnerability related to the disclosure of sensitive information has been discovered, which could potentially allow an unauthenticated attacker to retrieve router's information through a specified POST request. We have promptly addressed this issue and released corresponding firmware updates that incorporate necessary security enhancements.

Affected Products

Model Fixed Firmware Version
Vigor2620 LTE 3.9.8.7
VigorLTE 200n 3.9.8.7
Vigor2133 3.9.7
Vigor2135 4.4.3.2
Vigor2762 3.9.7
Vigor2763 4.4.3.2
Vigor2765 4.4.3.2
Vigor2766 4.4.3.2
Vigor2832 3.9.7
Vigor2860 / 2860 LTE 3.9.6
Vigor2862 / 2862 LTE 3.9.9.3
Vigor2865 / 2865 LTE 4.4.5*
Vigor2866 / 2866 LTE 4.4.5*
Vigor2915 4.4.3.1
Vigor2925 / 2925 LTE 3.9.6
Vigor2926 / 2926 LTE 3.9.9.3
Vigor2927 / 2927 LTE 4.4.5
Vigor2952 / 2952P 3.9.8.1
Vigor2962 4.3.2.6
Vigor3220 3.9.8.1
Vigor3910 4.3.2.6
Vigor3912 4.3.5.1

*Firmware unreleased

Recognizing Contribution

We would like to express our appreciation to the CataLpa from Dbappsecurity Co. Ltd. for their efficient testing and timely reporting.

Contact Technical Support

Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.