Thg3000 Router | Firmware

Several CVEs affect the THG3000’s older Linux kernel and services:

| CVE | Component | Risk | |----------------|----------------|--------------------------------------------------------------| | CVE-2021-35247 | MiniUPnPd | Remote info disclosure (LAN side) | | CVE-2022-30023 | Telnet daemon | Weak credential storage (if enabled) | | CVE-2023-28856 | HTTPd (RomPager)| Pre-auth buffer overflow → RCE (patched in 6.00.12+) | thg3000 router firmware

Mitigation: Disable UPnP, WAN-side access, and remote management unless absolutely needed. Several CVEs affect the THG3000’s older Linux kernel

Vodafone pushes updates automatically, but you can manually update via: follow these steps.

Updating the THG3000 is not like updating a PC. Most ISPs push automatic updates overnight. However, if you want to force an update or manually flash a file, follow these steps.