Weekly Update 3 April 2024

Security Advisory

Information Disclosure Vulnerability (CVE-2024-23721)

Release Date: 2024-03-27

A vulnerability related to the disclosure of sensitive information has been discovered, potentially allowing an unauthenticated attacker to retrieve the router's information through a specified POST request.

DrayTek has addressed this issue and released firmware updates for affected routers. Affected router models and updated firmware versions are listed below:

Model                     Fixed Firmware Version
Vigor2620 LTE             3.9.8.7
VigorLTE 200n             3.9.8.7
Vigor2133                 3.9.7
Vigor2135                 4.4.3.2*
Vigor2762                 3.9.7
Vigor2763                 4.4.3.2*
Vigor2765                 4.4.3.2
Vigor2766                 4.4.3.2*
Vigor2832                 3.9.7
Vigor2860 / 2860 LTE      3.9.6
Vigor2862 / 2862 LTE      3.9.9.3
Vigor2865 / 2865 LTE      4.4.5*
Vigor2866 / 2866 LTE      4.4.5*
Vigor2915                 4.4.3.1
Vigor2925 / 2925 LTE      3.9.6
Vigor2926 / 2926 LTE      3.9.9.3
Vigor2927 / 2927 LTE      4.4.5
Vigor2952 / 2952P         3.9.8.1
Vigor2962                 4.3.2.6
Vigor3220                 3.9.8.1
Vigor3910                 4.3.2.6
Vigor3912                 4.3.5.1

*Firmware not yet available

Firmware for these router models is available for download at https://www.draytek.com.au/support/downloads/


Latest Firmware

Vigor2765 V4.4.3.2

Improvements

- Improve Web GUI Security (CVE-2024-23721).

- Fixed: Failure to log in to the web interface when the WAN was up.
