Main Vulnerability Database SB2026011996

SB2026011996 - Multiple DrayTek routers update for WLAN driver

Published: January 19, 2026

Security Bulletin ID SB2026011996

Severity

Low

Patch available

YES

Number of vulnerabilities 18

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2025-20732)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

2) Stack-based buffer overflow (CVE-ID: CVE-2025-20739)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

3) Stack-based buffer overflow (CVE-ID: CVE-2025-20738)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

4) Stack-based buffer overflow (CVE-ID: CVE-2025-20737)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

5) Stack-based buffer overflow (CVE-ID: CVE-2025-20736)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

6) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20735)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

7) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20734)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

8) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20733)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

9) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20731)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

10) Integer overflow (CVE-ID: CVE-2025-20710)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an integer overflow within wlan. A local application can execute arbitrary code.

11) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20729)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

12) Out-of-bounds read (CVE-ID: CVE-2025-20724)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

13) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20720)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

14) Stack-based buffer overflow (CVE-ID: CVE-2025-20719)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

15) Stack-based buffer overflow (CVE-ID: CVE-2025-20718)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

16) Out-of-bounds write (CVE-ID: CVE-2025-20716)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

17) Out-of-bounds write (CVE-ID: CVE-2025-20715)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

18) Improper Validation of Specified Type of Input (CVE-ID: CVE-2025-20711)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://www.draytek.com/about/security-advisory/wlan-driver-vulnerabilities-november-2025

Vulnerable Software

VigorAP 903: before 1.4.20
Vigor 2927Lac: before 4.5.1.1
Vigor 2927Vac: before 4.5.1.1
Vigor 2927ac: before 4.5.1.1
Vigor 2915ac: before 4.4.6.2
Vigor 2912n: before 3.8.18
Vigor 2866Lac: before 4.5.2
Vigor 2866Vac: before 4.5.2
Vigor 2866ac: before 4.5.2
Vigor 2865Lac: before 4.5.2
Vigor 2865Vac: before 4.5.2
Vigor 2865ac: before 4.5.2
Vigor 2766Vac: before 4.5.2
Vigor 2766ac: before 4.5.2
Vigor 2765Vac: before 4.5.2
Vigor 2765ac: before 4.5.2
Vigor 2763ac: before 4.5.2
Vigor 2620Ln: before 3.9.9.6
Vigor 2136ax: before 5.3.5
Vigor 2135FVac: before 4.5.2
Vigor 2135Vac: before 4.5.2
Vigor 2135ac: before 4.5.2
Vigor 2762n: before 3.9.9.5
Vigor 2133n: before 3.9.9.5
Vigor C510ax: before 5.3.5
Vigor C410ax: before 5.3.5

SB2026011996 - Multiple DrayTek routers update for WLAN driver

Breakdown by Severity

Description

Remediation

References

Please verify you're human