Security Advisory: Format string vulnerability (CVE-2023-31447)
ExpiredModels Affected: See table below
Priority: Medium
Action Required: Check firmware version on units and upgrade
A format string vulnerability has been discovered in the user management login page on DrayTek routers, which could potentially allow an unauthenticated attacker to cause the router to reboot if the DrayTek router is running a firmware version where the vulnerability is exploitable. The vulnerability has been resolved in the firmware versions listed below. There are firmware versions where the issue is not exploitable, but the vulnerability is still present. These firmware versions should still be upgraded, but there are no known impacts of the vulnerability on these versions.
The issue is in the Web login page, so a temporary mitigation is to restrict access to the routers web interface via [System Maintenance] > [Management] to control remote management and access to SSL VPN via [VPN and Remote Access] > [Remote Access Control] or apply to Access Control Lists to the remote management.
* firmware has not been released yet as of 23/11/23
|
Model |
Exploitable |
Fixed Firmware Version |
|
Vigor1000B |
< 4.x.x.x |
4.3.2.4 |
|
Vigor165 |
< 4.x.x |
4.2.5 |
|
Vigor166 |
< 4.x.x |
4.2.5 |
|
Vigor2620 LTE |
<3.9.8.4 |
3.9.8.4 |
|
VigorLTE 200n |
<3.9.8.4 |
3.9.8.4 |
|
Vigor2133 |
<3.9.7 |
3.9.7* |
|
Vigor2135 |
< 4.x.x |
4.4.3 |
|
Vigor2762 |
<3.9.6.6 |
3.9.6.6 |
|
Vigor2763 |
< 4.x.x |
4.4.3 |
|
Vigor2765 |
< 4.x.x |
4.4.3 |
|
Vigor2766 |
< 4.x.x |
4.4.3 |
|
Vigor2832 |
<3.9.7 |
3.9.7* |
|
Vigor2860 / 2860 LTE |
<3.9.5 |
3.9.5 |
|
Vigor2862 / 2862 LTE |
<3.9.9.2 |
3.9.9.2 |
|
Vigor2865 / 2865 LTE |
< 4.x.x |
4.4.3.1 |
|
Vigor2866 / 2866 LTE |
< 4.x.x |
4.4.3.1 |
|
Vigor2925 / 2925 LTE |
<3.9.5 |
3.9.5 |
|
Vigor2926 / 2926 LTE |
<3.9.9.2 |
3.9.9.2 |
|
Vigor2927 / 2927 LTE |
< 4.x.x |
4.4.3 |
|
Vigor2952 / 2952P |
<3.9.8 |
3.9.8 |
|
Vigor2962 Series |
< 4.x.x.x |
4.3.2.4 |
|
Vigor3220 |
<3.9.8 |
3.9.8 |
|
Vigor3910 |
< 4.x.x.x |
4.3.2.4 |