Improve WebUI security for Vigor3910 and Vigor2962 Series
The firmware (version 18.104.22.168) has corrected a WebGUI security issue that could allow router admin and VPN credentials to be discovered if remote management was enabled without an ACL. We strongly recommend you follow the steps below to review the security settings in your Vigor router.
We recommend that users of affected models upgrade the firmware to version 22.214.171.124 or later and, after upgrading, change the admin login password and the passwords/PSKs for VPN profiles.
| Model | Fixed Firmware Version | Download Link |
- Use a strong password for admin login and all VPN profiles. Change the passwords periodically.
- Disable any unnecessary services and VPN profiles, like OpenVPN, PPTP VPN, or remote management (Web, SNMP, telnet, SSH, FTP) from WAN. If any service is enabled, please enable ACL, 2FA, or specify the VPN peer IP to restrict access.
- Enable Brute Force Protection on the Management setup page.
- Record Syslog, set up VPN/login Mail Alerts, and review the logs periodically. When abnormal attack events appear, enable DoS Defense and block those IPs by using the Blacklist.
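One way to carry out the periodic log review described above, as an added example that is not part of the original advisory or vendor code: it flags management logins from outside the ACL and lists repeat-failure sources as Blacklist candidates. The log line format, `MGMT_ACL`, `FAIL_THRESHOLD` and all addresses are assumptions constructed for illustration, not the router's real syslog format.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the subnets allowed to manage the router (the ACL you configure).
MGMT_ACL = [ipaddress.ip_network("203.0.113.0/28")]
FAIL_THRESHOLD = 3  # assumed cut-off for Blacklist candidates

# Constructed sample lines in a generic syslog style; NOT the router's real
# log format. Adjust LINE_RE to match what your syslog server records.
SAMPLE_LOG = """\
Jan 10 02:11:01 router mgmt: login failed user=admin src=198.51.100.7 svc=https
Jan 10 02:11:03 router mgmt: login failed user=admin src=198.51.100.7 svc=https
Jan 10 02:11:05 router mgmt: login failed user=root src=198.51.100.7 svc=https
Jan 10 02:11:09 router mgmt: login ok user=admin src=198.51.100.7 svc=https
Jan 10 08:30:12 router mgmt: login ok user=admin src=203.0.113.5 svc=https
Jan 10 09:02:44 router mgmt: login failed user=admin src=192.0.2.50 svc=ssh
Jan 10 09:15:00 router vpn: tunnel up peer=203.0.113.9
"""

LINE_RE = re.compile(
    r"mgmt: login (?P<result>failed|ok) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) svc=(?P<svc>\S+)"
)

def in_acl(addr, acl=MGMT_ACL):
    """True if addr is inside the ACL; unparsable sources count as outside."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in acl)

def review(log_text, acl=MGMT_ACL, threshold=FAIL_THRESHOLD):
    failures = Counter()  # failed logins per source outside the ACL
    outside_ok = []       # successful logins from outside the ACL
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or in_acl(m["src"], acl):
            continue
        if m["result"] == "failed":
            failures[m["src"]] += 1
        else:
            outside_ok.append((m["src"], m["user"], m["svc"]))
    blacklist = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {"blacklist_candidates": blacklist, "logins_outside_acl": outside_ok}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Any entry under `logins_outside_acl` means a management service accepted a login from an address the ACL should have excluded, which is the exposure condition this advisory describes.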