We have become aware of a possible exploit of the Vigor3900 / 2960 / 300B related to functions and services on 12th Apr., and we released an updated firmware to address this issue on 17th Jun. 2020.

Necessary Action: Users of affected models should upgrade firmware to version 1.5.1.1 or later as soon as possible.

Affected Products and the Fixed Firmware Version

Model	Fixed Firmware Version	Download Link
Vigor300B	1.5.1.1
Vigor2960	1.5.1.1
Vigor3900	1.5.1.1

The issue only affects the Vigor3900 / 2960 / 300B and is not known to affect any other DrayTek products.

Acknowledgement

Here we want to express our acknowledgment for the people who found the vulnerability and notify us.

• Swings from Chaitin Security Research Lab
• C0ss4ck from Nanjing University of Posts and Telecommunications
• MozhuCY from Nanjing University of Posts and Telecommunications