Fuse is a Microsoft Partner, based in Northampton. We help organisations of all sizes to maximise IT efficiencies through the use of Microsoft cloud computing solutions.
Security Vulnerabilities for DrayTek Routers
Update Your Router to Keep Secure
In the last few days, broadband ISOs have observed a significant increase in disconnections among customers using DrayTek routers in the UK. This follows DrayTek's announcement of 14 security vulnerabilities affecting multiple models of their “Vigor” routers, many of which allow dangerous remote code executions.
While DrayTek has released firmware updates to patch most of these issues, some routers are still experiencing crashes. It is currently unclear whether these disruptions are due to previously identified vulnerabilities or new, undiscovered ones.
To assist our clients in mitigating these issues, we recommend the following steps:
1. Verify Your Router Model and Firmware Version:
Check with your network manager or service provider to see if any of the following models and versions are in use:
- Vigor2620 LTE – 3.9.9.1
- VigorLTE 200n – 3.9.9.1
- Vigor2133 – 3.9.9.2
- Vigor2135 – 4.4.5.5
- Vigor2762 – 3.9.9.2
- Vigor2765 – 4.4.5.5
- Vigor2766 – 4.4.5.5
- Vigor2832 – 3.9.9.2
- Vigor2860 / 2860 LTE – 3.9.8.3
- Vigor2862 / 2862 LTE – 3.9.9.8
- Vigor2865 / 2865 LTE / 2865L-5G – 4.4.5.8
- Vigor2866 / 2866 LTE – 4.4.5.8
- Vigor2925 / 2925 LTE – 3.9.8.3
- Vigor2926 / 2926 LTE – 3.9.9.8
- Vigor2927 / 2927 LTE / 2927L-5G – 4.4.5.8
- Vigor2962 – 4.3.2.9 – 4.4.3.2
- Vigor3910 – 4.3.2.9 / 4.4.3.2
- Vigor3912 – 4.3.6.2 / 4.4.3.2
2. Update Firmware:
If your router is affected, update the firmware as soon as possible. Keep in mind that DrayTek’s website may currently be experiencing issues, but we recommend persisting with the updates.
3. Disable Remote Access:
If firmware updates don’t resolve the issue, check whether Remote Access is enabled and disable it unless absolutely necessary. Ensure VPN services, especially SSLVPN and SSH VPN, are disabled under “VPN and Remote Access > Remote access control”.
4. Consider Router Replacement:
If issues persist, consider temporarily replacing the router with a different model or brand. If you are under an ISP contract, check if router replacement is covered under your terms and services.
We understand the critical role robust and secure network infrastructure plays for your operations. If you have any questions or need further assistance, please do not hesitate to reach out to our support team. We're here to help ensure your network remains secure and stable.
