Vigor3900 / Vigor2960 / Vigor300B Router Web Management Page Vulnerability (CVE-2020-8515)

Release Date: 2020-02-10

On Jan 30th we became aware of a possible exploit of the Vigor2960/3900/300B related to the WebUI. It was identified during testing and reported to us. On Feb 6th we released updated firmware to address this issue.

You should upgrade to firmware 1.5.1 or later as soon as possible.

If you have remote access enabled on your router, disable it if you don't need it, and use an access control list if possible. If you have not updated the firmware yet, disable remote access (admin) and SSL VPN. The ACL does not apply to SSL VPN connections (Port 443) so you should also temporarily disable SSL VPN until you have updated the firmware.

The issue only affects the Vigor 3900 / 2960 / 300B and is not known to affect any other DrayTek products.

Affected Products and the Fixed Firmware Version

Model        Fixed Firmware Version    Download Link
Vigor300B    1.5.1
Vigor2960    1.5.1
Vigor3900    1.5.1

Contact Technical Support

Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.