Weekly Update 10 April 2025
Security Advisory
WLAN Driver Vulnerabilities (CVE-2025-20631 ~ CVE-2025-20633)
In February, DrayTek identified several vulnerabilities related to WLAN Chipsets and has provided updated firmware to address these vulnerabilities.
More details are available in the Security Advisory:
WLAN Driver Vulnerabilities (CVE-2025-20631 ~ CVE-2025-20633)
- It is highly recommended that you check the firmware of the units you own or manage and ensure they run patched versions.
- If the devices run older firmware, upgrade them immediately to the versions listed below.
Before upgrading:
· - Back up your current configuration (System Maintenance > Config Backup).
· - Use the ".ALL" file to upgrade and preserve your settings.
· - If upgrading from an older version, review the release notes for specific instructions.
If remote access is enabled:
· - Disable it unless necessary.
· - Use an access control list (ACL) and enable 2FA if possible.
· - For unpatched routers, disable both remote access (admin) and SSL VPN.
· Note: ACL does not apply to SSL VPN (Port 443), so temporarily disable SSL VPN until it is upgraded.
Affected Products and Fixed Firmware Versions:
VigorLTE 200n - 3.9.9.3
Vigor2620 LTE - 3.9.9.3
Vigor2135 - 4.4.5.7
Vigor2136 - 5.3.1
Vigor2765 - 4.4.5.7
Vigor2766 - 4.4.5.7
Vigor2865 / 2865 LTE / 2865L-5G - 4.4.6.1
Vigor2866 / 2866 LTE / 2866L-5G - 4.4.6.1
Vigor2915 - 4.4.5.1
Vigor2927 / 2927 LTE / 2927L-5G - 4.4.6.1
Vigor C410 - 5.3.1
Vigor C510 - 5.3.1
VigorAP 805 - 5.0.4
VigorAP 903 - 1.4.18
VigorAP 962C - 5.0.4
VigorAP 1062C - 5.0.4
Recommended Additional Security Measures:
· - Regularly check for and apply firmware updates.
· - Implement strong, unique passwords for all accounts.
· - Enable and configure firewall settings appropriately.
· - Monitor your network for any suspicious activities.
Latest Knowledge Base article
How to set up 4 SSIDs using VLAN tags on a 2136ax
This article includes a short video showing how to create 4 SSIDs on the Vigor2136ax and deploy it using VLAN tags to a VigorAP 903 access Point.
Click here to see the article.
Calendar Events from DrayTek HQ
DrayTek HQ frequently sends notifications about system updates, outages, security alerts, and firmware releases.
Click here for the latest news from DrayTek HQ.
To subscribe to our regular news updates, click “Subscribe” on this page or log into your i-helpdesk account and enable the “Subscribe” option.
Related Articles
Weekly Update 16 April 2020
Upcoming Webinar Free Webinar – Working from Home with DrayTek VPN Solutions Tuesday 21 April 2020 10:00AM – 10:30 AM (AEST) With the current effort to slow the spread of the CORVID-19 coronavirus, many businesses are looking at how they can ...Weekly Update 18 April 2023
Latest Videos How to use mOTP for SSL VPN on iPhone This video shows how to quickly set up an SSL VPN tunnel using SmartVPN for an iPhone, and adding mOTP for 2FA authentication. It also shows how to use the internal mOTP generator that has been ...Weekly Update 4 April 2022
Upcoming Webinar Free Webinar – DrayTek Wireless Mesh Solutions Part 2 Tuesday 12st April 2022, 12:00 noon AEST Duration: 30 minutes Tune into our next YouTube Premiere webinar: DrayTek Wireless Mesh Solutions Part 2 This is part 2 of our 2-part ...Weekly Update 14 April 2021
Latest Application Notes LAN Forward All DNS Queries to a Private DNS Server The latest firmware for DrayTek routers now includes an option to forward all DNS requests to a private DNS server regardless of the setting in the client PC. This ...Weekly Update 29 April 2025
Latest Videos DrayTek Vigor2136 Series Overview This video introduces the DrayTek Vigor2136 series routers - a powerful and versatile solution for small and medium-sized businesses demanding robust performance and reliable connectivity. The Vigor2136 ...