Security Advisory: Information Disclosure Vulnerability (CVE-2024-23721)
ExpiredModels Affected: See table below
Priority: Critical
Action Required: Check firmware version on units and upgrade if required
Temporary Workaround: Enable Remote Management Access Control List (ACL) or disable remote management of the router. Upgrade the firmware as soon as possible
We were recently informed about the vulnerability of routers to unauthorized access to certain copies of settings. Our engineers have released a firmware patch that improves the security of your device. Install the new firmware version as soon as possible.
1. If you have not already upgraded, update your firmware immediately. Before doing the upgrade, take a backup of your current config in case you need to restore it later [System Maintenance] > [Config Backup]. Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware, then please check the release notes carefully for any upgrading instructions.
2. If you have remote access enabled on your router, disable it if you don't need it, and use an access control list and 2FA if possible. If your unit is not already running patched firmware (see table below), enable the access control list or disable remote access (Web UI) for both HTTP and HTTPS services.
3. It is good practice to update the router admin password
Model | Firmware |
Vigor 2620Ln | 3.9.8.7 |
Vigor 2135ax | 4.4.3.2 |
Vigor 2762 Series | 3.9.7 |
Vigor 2763 Series | 4.4.3.2 |
Vigor 2765 Series | 4.4.3.2 |
Vigor 2766 Series | 4.4.3.2 |
Vigor 2832 Series | 3.9.7 |
Vigor 2860 Series | 3.9.6 |
Vigor 2862 Series | 3.9.9.3 |
Vigor 2865 Series | 4.4.5 |
Vigor 2866 Series | 4.4.5 |
Vigor 2925 Series | 3.9.6 |
Vigor 2926 Series | 3.9.9.3 |
Vigor 2927 Series | 4.4.5 |
Vigor 2952 | 3.9.8.1 |
Vigor 2962 | 4.3.2.6 |
Vigor 3220 | 3.9.8.1 |
Vigor 3910 | 4.3.2.6 |
Vigor 3912 | 4.3.5.1 |