Weekly Update 7 March 2023


Security Advisory

Cross-Site Scripting vulnerability (CVE-2023-23313)

A Cross-Site Scripting vulnerability in the hotspot web portal and user management login page on Draytek Routers (CVE-2023-23313) has been discovered.

An authenticated attacker can use the vulnerable CGI script to inject and store arbitrary JavaScript code, which then runs in the user's browser. Because the injected code is stored permanently, every user who visits the web application triggers the stored malicious payload.

DrayTek has now released updated firmware to address this vulnerability.

More details at: https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-(cve-2023-23313)/

 

Upcoming Webinar

Free Webinar – What's New in DrayOS v4.4.0

Tuesday 14th March 2023, 12:00 noon AEDT

Duration: 30 minutes


Tune in to our next YouTube Premiere webinar: What's New in DrayOS v4.4.0

DrayTek released firmware version 4.4.0 in 2022 and this webinar will look at the new and interesting router features that have been introduced into this firmware version. This firmware is available for the latest dual and single WAN routers, except for the Vigor167.

The firmware is not yet available for the Vigor2962 and 3910, but is expected to be available later this year. New features include 2FA (two-factor authentication) for the admin login and for VPN authentication. Other new features are enhancements to DrayDDNS, route policy, bandwidth management and QoS.

Stay tuned at the end for an extra five minutes where we will be on hand to answer any questions you might have.




Click here or this link https://youtu.be/dmqgoHr3r2o

Then click on “Notify me” to receive a reminder when this event is scheduled to start (the “Notify me” button will come up when you sign in on YouTube).

We hope to see you there!

 

Latest Video

Configuring Multiple SSIDs and IP subnets on DrayTek Vigor Access Points

This video demonstrates how to configure multiple IP subnets and VLANs in the Vigor2865Lac. The same VLANs are made available in the VigorAP 903 by setting up an 802.1Q VLAN trunk between the two devices.



To find out more click here to watch the video.

 

Latest Firmware

New firmware is now available which addresses the Cross-Site Scripting vulnerability (CVE-2023-23313) in DrayTek routers. Available firmware is listed below:


Vigor130 v3.8.5.1
Vigor2865 v4.4.1.1
Vigor2866 v4.4.1.1
Vigor2765 v4.4.2.1
Vigor2766 v4.4.2.1
Vigor2135 v4.4.2.1
Vigor2832 v3.9.6.3
Vigor2762 v3.9.6.5
Vigor2133 v3.9.6.5
Vigor3910 v4.3.2.2
Vigor2962 v4.3.2.2
Vigor2952 v3.9.7.4
Vigor3220 v3.9.7.4
Vigor2862 v3.9.9.1
Vigor2926 v3.9.9.1
Vigor2915 v4.4.2.1
Vigor2927 v4.4.2.3
Vigor2925 v3.9.4
Vigor2860 v3.9.4

Click on the required firmware above to download.

 

 

To subscribe to our regular news updates, click on “Subscribe” on this page or log in to your i-helpdesk account and enable the “Subscribe” option.

 


