Skip to main content

Improve WebUI security for Vigor3910 and Vigor2962 Series

The firmware (version 3.9.6.3) has corrected a WebGUI security issue that could allow router admin and VPN credentials to be discovered if remote management was enabled without an ACL. We strongly recommend you follow the steps below to review the security settings in your Vigor router.

Necessary Action:
We recommend users of affected models should upgrade firmware to version 3.9.6.3 or later and change the passwords for admin login and password/PSKs for VPN profiles after upgrading the firmware.

 

Model Fixed Firmware Version Download Link
Vigor2962 3.9.6.3  Click Here
Vigor3910 3.9.6.3 Click Here

 

  1. Use a strong password for admin login and all VPN profiles. Change the passwords periodically.
  2. Disable any unnecessary services and VPN profiles, like OpenVPN, PPTP VPN, or remote management (Web, SNMP, telnet, SSH, FTP) from WAN. If any service is enabled, please enable ACL, 2FA, or specify the VPN peer IP to restrict the access.
  3. Enable Brute Force Protection in Management setup page.
  4. Record Syslog and set up VPN/login Mail Alerts and review the logs periodically. While seeing the abnormal attack events, we can enable DoS Defense and block those IPs by using the Blacklist.
Published
Image

About

We are professional and reliable provider since we offer customers the most powerful and beautiful themes. Besides, we always catch the latest technology and adapt to follow world’s new trends to deliver the best themes to the market.