Security Advisories for Exploits / Vulnerabilities


Welcome to the DrayTek Security Advisory index

Keep your firmware up to date

As well as new features and operational improvements, the latest firmware for your product may also include critical security updates. It is therefore vital that you always keep your product's firmware up to date, even if it's running fine and you're happy with the current feature set or operation. You can join the owner's mailing list for information on the latest firmware updates, or check the downloads page regularly for updates. Make that one of your regular habits.

Critical Updates

If an upgrade is labelled 'critical' then it addresses one or more critical or serious security issue(s) and you should upgrade all units that you own or operate immediately. You should also inform any other known users of any critical firmware releases.

Reporting a suspected security vulnerability

If you believe that you have discovered a potential vulnerability or exploit on one of our products, please notify us immediately. Even if you're not sure about it, we can investigate and either put your mind at rest or improve/fix something. It is important to report any suspected issue directly to us in case it presents a viable vulnerability and publication might put other users at risk. Please refer to this page for details of how to report any suspected issues.

Security Advisories
28/03/2024 - Security Advisory: DrayTek Router Information Disclosure Vulnerability (CVE-2024-23721)
30/08/2023 - Security Advisory: Format string vulnerability (CVE-2023-31447)
02/03/2023 - Security Advisory: Cross-Site Scripting vulnerability (CVE-2023-23313)
04/08/2022 - Security Advisory: DrayTek Router unauthenticated remote code execution vulnerability (CVE-2022-32548)
13/12/2021 - Security Advisory: Apache Log4J Vulnerability
08/07/2021 - Security Advisory: Vigor 3910 / 2962 Web Management Vulnerability
24/06/2020 - Security Advisory: Vigor 3900 / 2960 / 300B Remote code injection/execution vulnerability (CVE-2020-14472 / CVE-2020-15415)
10/02/2020 - Security Advisory: 3900 / 2960 Router Web Management Page Vulnerability (Feb 2020)
12/03/2019 - Security Advisory: XSS WUI Issue (March 2019)
18/05/2018 - Security Advisory: CSRF & DNS/DHCP/Web Attacks
08/01/2018 - Security Advisory: Spectre & Meltdown CPU Vulnerabilities
16/10/2017 - Security Advisory: DNSMasq Vulnerability
16/10/2017 - Security Advisory: WPA2 Krack Vulnerability
14/06/2017 - Security Advisory: Samba Vulnerability
19/12/2016 - Critical Firmware Update - All models - December 2016
05/12/2016 - Security Advisory: Mirai Vulnerability / TR-064
25/04/2014 - Security Advisory: WPS Router Pincode Exploit
27/05/2015 - Security Advisory: NetUSB Vulnerability
23/12/2014 - Security Advisory: Misfortune Cookie Vulnerability
18/10/2014 - Security Advisory: Poodle Exploit