Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.
Published June 1, 2023.
Draytek Vigorswitch G1282 Firmware
Draytek Vigorswitch G2100 Firmware
Draytek Vigorswitch Pq2200xb Firmware
Draytek Vigorswitch P2540xs Firmware
Draytek Vigor2135fvac Firmware
Draytek Vigor2926 Plus Firmware
Draytek Vigorswitch Q2200x Firmware
Draytek Vigorap 1060c Firmware
Draytek Vigorswitch G2121 Firmware
Draytek Vigorlte 200n Firmware
Draytek Vigorswitch Q2121x Firmware
Draytek Vigorswitch G1080 Firmware
Draytek Vigorswitch G2540xs Firmware
Draytek Vigorswitch P1282 Firmware
Draytek Vigorswitch G2280x Firmware
Draytek Vigorswitch Fx2120 Firmware
Draytek Vigorswitch G1085 Firmware
Draytek Vigorswitch P2100 Firmware
Draytek Vigorswitch Pq2121x Firmware
Draytek Vigorap 1000c Firmware