
Improve WebUI security for Vigor3910 and Vigor2962 Series

Firmware version 3.9.6.3 corrects a WebGUI security issue that could allow router admin and VPN credentials to be discovered if remote management was enabled without an ACL. We strongly recommend that you follow the steps below to review the security settings on your Vigor router.

Necessary Action:
We recommend that users of affected models upgrade the firmware to version 3.9.6.3 or later and, after upgrading, change the admin login password and the passwords/PSKs for VPN profiles.

 

| Model     | Fixed Firmware Version | Download Link |
|-----------|------------------------|---------------|
| Vigor2962 | 3.9.6.3                | Click Here    |
| Vigor3910 | 3.9.6.3                | Click Here    |

 

  1. Use a strong password for admin login and all VPN profiles. Change the passwords periodically.
  2. Disable any unnecessary services and VPN profiles, such as OpenVPN, PPTP VPN, or remote management (Web, SNMP, Telnet, SSH, FTP) from WAN. If any service is enabled, enable ACL or 2FA, or specify the VPN peer IP, to restrict access.
  3. Enable Brute Force Protection on the Management setup page.
  4. Record Syslog, set up VPN/login Mail Alerts, and review the logs periodically. If you see abnormal attack events, enable DoS Defense and block those IPs by using the Blacklist.
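
For the periodic log review in step 4, the following added example (not DrayTek code) tallies failed logins by source and lists successful logins from addresses outside the management ACL, the case that matters most after a credential exposure. The log lines, their message layout, and the names `LOGIN_RE` and `review_logins` are assumptions made for this example, not the router's actual syslog format; adapt the regular expression to the messages your syslog server receives.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines. The message layout is an assumption for this
# example, not the router's real syslog format; adapt LOGIN_RE to your logs.
SAMPLE_LOG = """\
Aug 12 10:01:02 router mgmt: login failed user=admin src=203.0.113.7 svc=https
Aug 12 10:01:05 router mgmt: login failed user=admin src=203.0.113.7 svc=https
Aug 12 10:01:09 router mgmt: login failed user=root src=203.0.113.7 svc=ssh
Aug 12 10:03:40 router mgmt: login ok user=admin src=192.0.2.10 svc=https
Aug 12 10:07:11 router vpn: login failed user=branch1 src=198.51.100.23 svc=openvpn
Aug 12 10:09:55 router mgmt: login ok user=admin src=198.51.100.99 svc=https
Aug 12 10:12:00 router dhcp: lease 192.168.1.20 renewed
""".splitlines()

LOGIN_RE = re.compile(
    r"login (?P<result>failed|ok) user=(?P<user>\S+) src=(?P<src>\S+) svc=(?P<svc>\S+)"
)

def review_logins(lines, allowed_networks, threshold=3):
    """Return (blacklist_candidates, unexpected_successes) for sources
    outside the ACL: {ip: failures} at or above `threshold`, and a list of
    (ip, user, svc) for logins that succeeded."""
    acl = [ipaddress.ip_network(n) for n in allowed_networks]
    failures = Counter()
    successes = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a login event
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address field; skip rather than crash
        if any(src in net for net in acl):
            continue  # source is permitted by the management ACL
        if m["result"] == "failed":
            failures[str(src)] += 1
        else:
            successes.append((str(src), m["user"], m["svc"]))
    candidates = {ip: n for ip, n in failures.items() if n >= threshold}
    return candidates, successes

if __name__ == "__main__":
    print(review_logins(SAMPLE_LOG, ["192.0.2.0/24"]))
```

A successful login from outside the ACL is a reason to rotate that account's password or PSK again and to confirm that the service is restricted as described in step 2.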