Service Status


History Timeline

    23 March 2025

  • Information: DrayTek Router Vulnerability

    23/03/2025 00:00 - 31/03/2025 09:00

    Description
    Please read this important email regarding reported issues with broadband connections using DrayTek routers. If you are NOT using DrayTek routers, you can ignore this message.

    Since 21:30 GMT on 22/03/2025 we have witnessed an unusually high volume of session drops on broadband connections, primarily impacting BT Wholesale and TalkTalk broadband sessions. The cause has been narrowed down to vulnerable firmware versions on DrayTek routers. This is also affecting connections across the world, with many other Internet Service Providers affected.

    If you are seeing broadband circuits exhibiting repeat short sessions and are using a DrayTek router, please upgrade the firmware to the latest version, which appears to mitigate the issue.

    Likewise, if you are using DrayTek routers to support any Leased Lines, please also review the firmware version before undertaking any further troubleshooting.

    In addition, DrayTek has recommended disabling remote access and SSL VPN on your routers. Please read the following advice and instructions from DrayTek on how to update the firmware on your router.

    ---

    Critical Security Alert: Multiple Vulnerabilities in DrayTek Products (CVE-2024-51138 to CVE-2024-51139)

    We are writing to inform you about critical security vulnerabilities discovered in several DrayTek products on October 9, 2024. These vulnerabilities include Buffer Overflow issues. We have addressed these concerns and released firmware updates to enhance security.

    Vulnerability Details:

    Published Date: 2025/2/28
    CVE IDs: CVE-2024-51138 to CVE-2024-51139
    Types: Buffer Overflow

    CVE number Score
    CVE-2024-51138 9.8
    CVE-2024-51139 9.8

    Urgent Action Required:

    Upgrade your firmware immediately to the version listed below for your device.

    Before upgrading:
    Back up your current configuration (System Maintenance > Config Backup).
    Use the ".ALL" file for upgrading to preserve your settings.
    If upgrading from an older version, review the release notes for specific instructions.

    If remote access is enabled:
    Disable it unless absolutely necessary.
    Use an access control list (ACL) and enable 2FA if possible.
    For unpatched routers, disable both remote access (admin) and SSL VPN.
    Note: ACL doesn't apply to SSL VPN (Port 443), so temporarily disable SSL VPN until upgraded.

    Affected Products and Fixed Firmware Versions:

    Vigor2620 LTE - 3.9.9.1
    VigorLTE 200n - 3.9.9.1
    Vigor2133 - 3.9.9.2
    Vigor2135 - 4.4.5.5
    Vigor2762 - 3.9.9.2
    Vigor2765 - 4.4.5.5
    Vigor2766 - 4.4.5.5
    Vigor2832 - 3.9.9.2
    Vigor2860 / 2860 LTE - 3.9.8.3
    Vigor2862 / 2862 LTE - 3.9.9.8
    Vigor2865 / 2865 LTE / 2865L-5G - 4.4.5.8
    Vigor2866 / 2866 LTE - 4.4.5.8
    Vigor2925 / 2925 LTE - 3.9.8.3
    Vigor2926 / 2926 LTE - 3.9.9.8
    Vigor2927 / 2927 LTE / 2927L-5G - 4.4.5.8
    Vigor2962 - 4.3.2.9 - 4.4.3.2
    Vigor3910 - 4.3.2.9 / 4.4.3.2
    Vigor3912 - 4.3.6.2 / 4.4.3.2

    Additional Security Measures:

    Regularly check for and apply firmware updates.
    Implement strong, unique passwords for all accounts.
    Enable and configure firewall settings appropriately.
    Monitor your network for any suspicious activities.

    Next Steps:
    If you haven't already, please update your device immediately. For products with unreleased firmware (marked with *), please stay vigilant for our upcoming announcements and update promptly once available.

    Should you need any assistance with the update process or have security-related inquiries, please don't hesitate to contact our Technical Support team.

    Any updates regarding this matter will be published on the official DrayTek website. Please refer to the following URL: https://www.draytek.com/about/security-advisory/

    We appreciate your prompt attention to this critical security matter and thank you for your continued trust in DrayTek products.
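
An added example (not DrayTek's or the provider's own tooling): a firmware audit that checks a router inventory against the "Affected Products and Fixed Firmware Versions" table above. The inventory, the `_BT` build suffix and the reading of two-version rows as per-branch fixes are assumptions.

```python
import re

# Fixed firmware per model, copied from the advisory table above.
# ASSUMPTIONS: two versions on one row are the fixed builds of two firmware
# branches (4.3.x / 4.4.x); the Vigor2962 row is read like the Vigor3910 row;
# LTE/5G variants take the same fix as the base model they are listed with.
FIXED = {
    "3.9.9.1": ["2620LTE", "LTE200N"],
    "3.9.9.2": ["2133", "2762", "2832"],
    "4.4.5.5": ["2135", "2765", "2766"],
    "3.9.8.3": ["2860", "2925"],
    "3.9.9.8": ["2862", "2926"],
    "4.4.5.8": ["2865", "2866", "2927"],
    "4.3.2.9 4.4.3.2": ["2962", "3910"],
    "4.3.6.2 4.4.3.2": ["3912"],
}

def parse_version(text):
    """Leading dotted-numeric part as an int tuple ('3.9.8.1_BT' -> (3, 9, 8, 1))."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)+)", text, re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def model_key(name):
    """'Vigor2865L-5G' -> '2865L5G', 'VigorLTE 200n' -> 'LTE200N'."""
    return re.sub(r"VIGOR|[\s\-_/]", "", name.upper())

FIXES_BY_MODEL = {model: [parse_version(v) for v in versions.split()]
                  for versions, models in FIXED.items() for model in models}

def audit(model, firmware):
    key = model_key(model)
    # Longest listed prefix, so '2865L5G' and '2860LTE' resolve to their base row.
    base = max((k for k in FIXES_BY_MODEL if key.startswith(k)), key=len, default=None)
    if base is None:
        return "not-listed"
    running = parse_version(firmware)
    if running is None:
        return "unknown-version"
    fixes = FIXES_BY_MODEL[base]
    # Compare with the fix on the same major.minor branch; if the device is on
    # no listed branch, require at least the highest listed fix.
    target = next((f for f in fixes if f[:2] == running[:2]), max(fixes))
    return "patched" if running >= target else "vulnerable"

# Constructed inventory, not real devices; the "_BT" build suffix is assumed.
INVENTORY = [("Vigor2865L-5G", "4.4.5.8"), ("Vigor2860 LTE", "3.9.8.1_BT"),
             ("Vigor3910", "4.4.3.1"), ("ExampleRouter", "1.0")]
if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:16} {fw:12} {audit(model, fw)}")
```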

    22 March 2025

  • No activity on this day

    21 March 2025

  • No activity on this day

    20 March 2025

  • No activity on this day

    19 March 2025

  • No activity on this day