We’d like to inform you of a confirmed vulnerability affecting some of the DrayTek products that has been identified by the manufacturer during testing.

The best practice recommendation is to always keep firmware up to date, but DrayTek are highly recommending that you check that affected units are running at least the firmware version in the table below.

If the model is not listed below, it is not affected by this vulnerability.


Affected Model Fixed Firmware Version
Vigor2962 Series
Vigor2927 Series 4.4.0
Vigor2927 LTE Series 4.4.0
Vigor2915 Series
Vigor2866 Series 4.4.0
Vigor2866 LTE Series 4.4.0
Vigor2865 Series 4.4.0
Vigor2865 LTE Series 4.4.0
Vigor2862 Series
Vigor2862 LTE Series
Vigor2766 Series 4.4.2
Vigor2765 Series 4.4.2
Vigor2762 Series
Vigor2620 LTE Series
VigorLTE 200n
Vigor2135 Series 4.4.2
Vigor166 4.2.4
Vigor165 4.2.4
Vigor3220 Series
Vigor2952 / 2952P
Vigor2926 Series
Vigor2926 LTE Series
Vigor2925 Series 3.9.2
Vigor2925 LTE Series 3.9.2
Vigor2912 3.8.15
Vigor2860 Series 3.9.2
Vigor2860 LTE Series 3.9.2
Vigor2133 Series


Recommended actions

  1. If you have not already upgraded, update your firmware immediately. Before doing the upgrade, take a backup of your current config in case you need to restore it later (system maintenance -> Config Backup). Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware then please check the release notes carefully for any upgrading instructions.
  2. If you have remote access enabled on your router, disable it if you don’t need it, and use an access control list and 2FA if possible. If your unit is not already running patched firmware (see table above), disable remote access (admin) and SSL VPN. The ACL does not apply to SSL VPN connections (Port 443) so you should also temporarily disable SSL VPN until you have updated the firmware.


If you would like to discuss this further, or require our assistance in ensuring your equipment is secure, please contact customer services on:

01604 673320 | delight@dbfb.co.uk