Draytek Router Vulnerability – 22nd March 2025

Internet connectivity issues with Draytek routers. We’ve also experienced issues accessing Draytek’s website and have been blocked from access.

If remote access is enabled:
– Disable it unless absolutely necessary.
– Use an access control list (ACL) and enable 2FA if possible.
– For unpatched routers, disable both remote access (admin) and SSL VPN.
Note: ACL doesn’t apply to SSL VPN (Port 443), so temporarily disable SSL VPN until upgraded.

Affected Products and Fixed Firmware Versions:
Vigor165 – 4.2.7
Vigor166 – 4.2.7
Vigor2620 LTE – 3.9.9.1
VigorLTE 200n – 3.9.9.1
Vigor2133 – 3.9.9.2
Vigor2135 – 4.4.5.5
Vigor2762 – 3.9.9.2
Vigor2765 – 4.4.5.5
Vigor2766 – 4.4.5.5
Vigor2832 – 3.9.9.2
Vigor2860 / 2860 LTE – 3.9.8.3
Vigor2862 / 2862 LTE – 3.9.9.8
Vigor2865 / 2865 LTE / 2865L-5G – 4.4.5.8
Vigor2866 / 2866 LTE – 4.4.5.8
Vigor2925 / 2925 LTE – 3.9.8.3
Vigor2926 / 2926 LTE – 3.9.9.8
Vigor2927 / 2927 LTE / 2927L-5G – 4.4.5.8
Vigor2962 – 4.3.2.9 – 4.4.3.2
Vigor3910 – 4.3.2.9 / 4.4.3.2
Vigor3912 – 4.3.6.2 / 4.4.3.2

Legacy devices should be replaced.