Security Advisory

DrayTek has identified several vulnerabilities related to WLAN chipsets and has provided updated firmware to address them.

More details are available in the Security Advisory:
WLAN Driver Vulnerabilities (CVE-2025-20631 ~ CVE-2025-20633)
https://www.draytek.com/about/security-advisory/wlan-driver-vulnerabilities-(cve-2025-20631-cve-2025-20633)

Urgent Action Required:
It is highly recommended that you check the firmware of the units you own or manage and ensure they run patched versions.
If the devices run older firmware, upgrade them immediately to the versions listed below.

Before upgrading:

  • Back up your current configuration (System Maintenance > Config Backup).
  • Use the ".ALL" file to upgrade and preserve your settings.
  • If upgrading from an older version, review the release notes for specific instructions.

If remote access is enabled:

  • Disable it unless necessary.
  • Use an access control list (ACL) and enable 2FA if possible.
  • For unpatched routers, disable both remote access (admin) and SSL VPN.
  • Note: The ACL does not apply to SSL VPN (port 443), so temporarily disable SSL VPN until the router is upgraded.

Affected Products and Fixed Firmware Versions:
      VigorLTE 200n - 3.9.9.3
      Vigor2620 LTE - 3.9.9.3
      Vigor2135 - 4.4.5.7
      Vigor2136 - 5.3.1
      Vigor2765 - 4.4.5.7
      Vigor2766 - 4.4.5.7
      Vigor2865 / 2865 LTE / 2865L-5G - 4.4.6.1
      Vigor2866 / 2866 LTE / 2866L-5G - 4.4.6.1
      Vigor2915 - 4.4.5.1
      Vigor2927 / 2927 LTE / 2927L-5G - 4.4.6.1
      VigorAP 805 - 5.0.4
      VigorAP 903 - 1.4.18
      VigorAP 962C - 5.0.4
      VigorAP 1062C - 5.0.4
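
One way to run the check described above across a fleet, as an added example that is not part of DrayTek's advisory: it parses the fixed-version list exactly as printed here, compares each device's firmware numerically, and attaches the interim steps given for unpatched routers. The inventory tuples, host names and the output format are constructed for illustration, and the comparison assumes plain dotted version strings on the same release line as the listed fix.

```python
ADVISORY = """\
VigorLTE 200n - 3.9.9.3
Vigor2620 LTE - 3.9.9.3
Vigor2135 - 4.4.5.7
Vigor2136 - 5.3.1
Vigor2765 - 4.4.5.7
Vigor2766 - 4.4.5.7
Vigor2865 / 2865 LTE / 2865L-5G - 4.4.6.1
Vigor2866 / 2866 LTE / 2866L-5G - 4.4.6.1
Vigor2915 - 4.4.5.1
Vigor2927 / 2927 LTE / 2927L-5G - 4.4.6.1
VigorAP 805 - 5.0.4
VigorAP 903 - 1.4.18
VigorAP 962C - 5.0.4
VigorAP 1062C - 5.0.4
"""

def ver(s):  # '1.4.18' -> (1, 4, 18), so it sorts above '1.4.9'
    return tuple(int(n) for n in s.split("."))

def fixed_versions(text=ADVISORY):
    """Parse the advisory's list: each model, '/' variants included, -> fixed version."""
    table = {}
    for line in text.splitlines():
        models, version = line.rsplit(" - ", 1)
        for m in models.split(" / "):  # '2865 LTE' -> 'Vigor2865 LTE'
            table[(m if m.startswith("Vigor") else "Vigor" + m).lower()] = ver(version)
    return table

def audit(inventory):
    """host -> list of actions; an empty list means the device is patched."""
    table, report = fixed_versions(), {}
    for host, model, fw, remote_admin, ssl_vpn in inventory:
        fixed = table.get(model.lower())
        if fixed is None:
            report[host] = ["model not in advisory list"]
        elif ver(fw) >= fixed:
            report[host] = []
        else:  # unpatched: upgrade, and close remote access in the meantime
            report[host] = ["upgrade to " + ".".join(map(str, fixed))]
            report[host] += ["disable remote admin"] * remote_admin  # bool is 0/1
            report[host] += ["disable SSL VPN until upgraded"] * ssl_vpn
    return report

# Constructed inventory: (host, model, firmware, remote_admin, ssl_vpn)
INVENTORY = [("edge-rtr-01", "Vigor2865 LTE", "4.4.5.9", True, True),
             ("lab-ap", "VigorAP 903", "1.4.9", False, False),
             ("branch-rtr", "Vigor2927L-5G", "4.4.6.1", True, False)]
print(audit(INVENTORY))
```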
 
Recommended Additional Security Measures:

  • Regularly check for and apply firmware updates.
  • Implement strong, unique passwords for all accounts.
  • Enable and configure firewall settings appropriately.
  • Monitor your network for any suspicious activities.
