A format string vulnerability has been discovered, which could potentially allow an unauthenticated attacker to execute arbitrary code. DrayTek has promptly addressed this issue and released new firmwares that include security update.
|Model||Fixed Firmware Version|
|Vigor2860 / 2860 LTE||3.9.5|
|Vigor2862 / 2862 LTE||184.108.40.206|
|Vigor2865 / 2865 LTE||220.127.116.11|
|Vigor2866 / 2866 LTE||4.4.3*|
|Vigor2925 / 2925 LTE||3.9.5|
|Vigor2926 / 2926 LTE||18.104.22.168|
|Vigor2927 / 2927 LTE||4.4.3|
|Vigor2952 / 2952P||3.9.8|
We would like to express our appreciation to the CataLpa from Dbappsecurity Co. Ltd. for their efficient testing and timely reporting.
Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.