Draytek Firmware Update

We wanted to make sure you were aware that DrayTek has released firmware updates for various products for a security vulnerability.  Please check below for further information on the vulnerability.

Security Advisory: Cross-Site Scripting vulnerability (CVE-2023-23313)

Models Affected: See table below
Priority: Critical

Action Required: Check firmware version on units and upgrade if required

A Cross-Site Scripting vulnerability in the hotspot web portal and user management login page on Draytek Routers (CVE-2023-23313) has been discovered.

It is possible for an unauthenticated attacker to inject and store arbitrary JavaScript code into the user’s browser by using the vulnerable CGI script. Since the injected code is stored in memory (until the router is rebooted), every user visiting the web portal or user management login page will trigger the stored malicious payload. DrayTek will release new firmwares with security updates for Cross-Site Scripting vulnerability as follows.

Please check the latest updates here: https://www.draytek.co.uk/support/security-advisories/kb-advisory-cve-2023-23313

Model Fixed Firmware Version
Vigor3220 Series
Vigor2962 Series
Vigor2952 / 2952P
Vigor2927 Series
Vigor2927 LTE Series
Vigor2926 Series
Vigor2926 LTE Series
Vigor2925 Series 3.9.4
Vigor2925 LTE Series 3.9.4
Vigor2915 Series
Vigor2866 Series
Vigor2866 LTE Series
Vigor2865 Series
Vigor2865 LTE Series
Vigor2862 Series
Vigor2862 LTE Series
Vigor2860 Series 3.9.4
Vigor2860 LTE Series 3.9.4
Vigor2832 Series
Vigor2766 Series
Vigor2765 Series
Vigor2763 Series
Vigor2762 Series
Vigor2135 Series
Vigor2133 Series
VigorNIC 132

The latest firmware can be downloaded from https://www.draytek.co.uk/support/downloads

More from DrayTek at Comms Express: DrayTek Routers & Modems | DrayTek Access Points | DrayTek Switches | DrayTek VOIP | DrayTek Licenses & Warranty Subscription Packs | DrayTek MRB Accessories

If you require any further information on these or any other DrayTek products that we stock, please do not hesitate to contact our team who will be only too happy to help.