Security Advisories for Exploits / Vulnerabilities
Welcome to the DrayTek Security Advisory index
Keep your firmware up to date
As well as new features and operational improvements, the latest firmware for your product may also include critical security updates. It is therefore vital that you always keep your product's firmware up to date, even if it's running fine and you're happy with the current feature set or operation. You can join the owner's mailing list for information on the latest firmware updates, or check the downloads page regularly for updates. Make that one of your regular habits.
Critical Updates
If an upgrade is labelled 'critical' then it addresses one or more critical or serious security issue(s) and you should upgrade all units that you own or operate immediately. You should also inform any other known users of any critical firmware releases.
Reporting a suspected security vulnerability
If you believe that you have discovered a potential vulnerability or exploit on one of our products, please notify us immediately. Even if you're not sure about it, we can investigate and either put your mind at rest or improve/fix something. It is important to report any suspected issue directly to us in case it presents a viable vulnerability and publication might put other users at risk. Please refer to this page for details of how to report any suspected issues.
- 27/03/2025 - Security Advisory: Unexpected router disconnections and reboots
- 04/03/2025 - Security Advisory: Buffer Overflow
- 04/03/2025 - Security Advisory: Denial of Service, Information Disclosure, and Code Execution Vulnerabilities
- 30/10/2024 - Security Advisory: Buffer Overflow Vulnerabilities (CVE-2024-46550 ~ CVE-2024-46568, CVE-2024-46571, CVE-2024-46580 ~ CVE-2024-46586, CVE-2024-46588 ~ CVE-2024-46598)
- 04/10/2024 - Security Advisory: Cross-Site Scripting, Denial of Service and Remote Code execution vulnerabilities (CVE-2024-41583 ~ CVE-2024-41596)
- 28/03/2024 - Security Advisory: DrayTek Router Information Disclosure Vulnerability (CVE-2024-23721)
- 30/08/2023 - Security Advisory: Format string vulnerability (CVE-2023-31447)
- 02/03/2023 - Security Advisory: Cross-Site Scripting vulnerability (CVE-2023-23313)
- 04/08/2022 - Security Advisory: DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548)
- 13/12/2021 - Security Advisory: Apache Log4J Vulnerability
- 08/07/2021 - Security Advisory: Vigor 3910 / 2962 Web Management Vulnerability
- 24/06/2020 - Security Advisory: Vigor 3900 / 2960 / 300B Remote code injection/execution vulnerability (CVE-2020-14472 / CVE-2020-15415)
- 10/02/2020 - Security Advisory: 3900 / 2960 Router Web Management Page Vulnerability (Feb 2020)
- 12/03/2019 - Security Advisory: XSS WUI Issue (March 2019)
- 18/05/2018 - Security Advisory: CSRF & DNS/DHCP/Web Attacks
- 08/01/2018 - Security Advisory: Spectre & Meltdown CPU Vulnerabilities
- 16/10/2017 - Security Advisory: DNSMasq Vulnerability
- 16/10/2017 - Security Advisory: WPA2 Krack Vulnerability
- 14/06/2017 - Security Advisory: Samba Vulnerability
- 19/12/2016 - Critical Firmware Update - All models - December 2016