Draytek
Known Exploited Draytek Vulnerabilities
The following Draytek vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| DrayTek Vigor Routers OS Command Injection Vulnerability | DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface. CVE-2024-12987. Exploit Probability: 83.8% | May 15, 2025 |
| DrayTek Multiple Vigor Routers OS Command Injection Vulnerability | DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used. CVE-2020-15415. Exploit Probability: 93.1% | September 30, 2024 |
| Draytek VigorConnect Path Traversal Vulnerability | Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. CVE-2021-20124. Exploit Probability: 94.1% | September 3, 2024 |
| Draytek VigorConnect Path Traversal Vulnerability | Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. CVE-2021-20123. Exploit Probability: 94.0% | September 3, 2024 |
| DrayTek Vigor Router Vulnerability | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. CVE-2020-8515. Exploit Probability: 94.4% | November 3, 2021 |
Of the known exploited vulnerabilities above, 5 are in the top 1% (the 99th percentile) of the EPSS exploit probability rankings.
By the Year
In 2025 there have been 0 vulnerabilities in Draytek. Last year, in 2024, Draytek had 81 security vulnerabilities published. Right now, Draytek is on track to have fewer security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 81 | 7.67 |
| 2023 | 6 | 7.75 |
| 2022 | 0 | 0.00 |
| 2021 | 7 | 7.80 |
| 2020 | 1 | 9.80 |
It may take a day or so for new Draytek vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Draytek Security Vulnerabilities
| CVE | Date | Title | Description |
|---|---|---|---|
| CVE-2024-12987 | Dec 27, 2024 | DrayTek Vigor2960 and Vigor300B Web Management Interface OS Command Injection Vulnerability | A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component. |
| CVE-2024-45890 | Nov 04, 2024 | DrayTek Vigor3900 1.5.1.3 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn`. |
| CVE-2024-45882 | Nov 04, 2024 | DrayTek Vigor3900 1.5 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile`. |
| CVE-2024-45884 | Nov 04, 2024 | DrayTek Vigor3900 1.5.1.3 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup`. |
| CVE-2024-45885 | Nov 04, 2024 | DrayTek Vigor3900 1.5.1.3 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear`. |
| CVE-2024-45887 | Nov 04, 2024 | DrayTek Vigor3900 1.5.1.3 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN`. |
| CVE-2024-45888 | Nov 04, 2024 | DrayTek Vigor3900 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config`. |
| CVE-2024-45889 | Nov 04, 2024 | DrayTek Vigor3900 1.5.1.3 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable`. |
| CVE-2024-45891 | Nov 04, 2024 | DrayTek Vigor3900 1.5.1.3 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile`. |
| CVE-2024-45893 | Nov 04, 2024 | DrayTek Vigor3900 1.5.1.3 CGI Command Injection | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption`. |
| CVE-2024-51249 | Nov 04, 2024 | Draytek Vigor3900 1.5.1.3 Command Injection via CGI | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. |
| CVE-2024-51246 | Nov 04, 2024 | Draytek Vigor3900 1.5.1.3 Command Injection | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. |
| CVE-2024-51253 | Nov 04, 2024 | Draytek Vigor3900 1.5.1.3 Command Injection via mainfunction.cgi | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. |
| CVE-2024-51251 | Nov 04, 2024 | Draytek Vigor3900 1.5.1.3 Command Injection via CGI | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. |
| CVE-2024-51252 | Nov 01, 2024 | Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. |
| CVE-2024-51244 | Nov 01, 2024 | Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. |
| CVE-2024-51245 | Nov 01, 2024 | DrayTek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi | In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. |
| CVE-2024-51247 | Nov 01, 2024 | Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. |
| CVE-2024-51248 | Nov 01, 2024 | Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. |
| CVE-2024-51260 | Oct 31, 2024 | DrayTek Vigor3900 1.5.1.3 Arbitrary Command Injection via mainfunction.cgi | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. |
| CVE-2024-51255 | Oct 31, 2024 | Arbitrary Command Injection via mainfunction.cgi in DrayTek Vigor3900 (1.5.1.3) | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. |
| CVE-2024-51259 | Oct 31, 2024 | DrayTek Vigor3900 1.5.1.3 cmd injection via setup_cacertificate in mainfunction.cgi | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. |
| CVE-2024-51254 | Oct 31, 2024 | Command Injection in DrayTek Vigor3900 1.5.1.3 mainfunction.cgi | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. |
| CVE-2024-51258 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 cmd injection via mainfunction.cgi | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. |
| CVE-2024-51301 | Oct 30, 2024 | Arbitrary Command Exec via mainfunction.cgi in Draytek Vigor3900 1.5.1.3 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. |
| CVE-2024-51300 | Oct 30, 2024 | Command Injection in Draytek Vigor3900 1.5.1.3 mainfunction.cgi (get_rrd) | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. |
| CVE-2024-51299 | Oct 30, 2024 | Arbitrary Command Injection - Draytek Vigor3900 1.5.1.3 mainfunction.cgi | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. |
| CVE-2024-51298 | Oct 30, 2024 | Command Injection via doGRETunnel in Draytek Vigor3900 mainfunction.cgi 1.5.1.3 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. |
| CVE-2024-51296 | Oct 30, 2024 | Arbitrary Command Exec via CGI in Draytek Vigor3900 1.5.1.3 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. |
| CVE-2024-51257 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 Remote Command Injection via mainfunction.cgi | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. |
| CVE-2024-51304 | Oct 30, 2024 | Command injection via ldap_search_dn in mainfunction.cgi (Vigor3900) | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. |
| CVE-2024-48074 | Oct 28, 2024 | DrayTek Vigor2960 RCE via table param in doPPPoE (v1.4.4) | An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function. |
| CVE-2024-48153 | Oct 14, 2024 | Command Injection in mainfunction.cgi of DrayTek Vigor3900 1.5.1.3 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. |
| CVE-2024-46316 | Oct 09, 2024 | Command Injection in DrayTek Vigor3900 v1.5.1.6 (sub_2C920) | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. |
| CVE-2024-41595 | Oct 03, 2024 | Remote Setting Modification via .cgi BOC in DrayTek Vigor310 <4.3.2.6 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. |
| CVE-2024-41592 | Oct 03, 2024 | Stack Overflow in DrayTek Vigor3910 GetCGI (<=4.3.2.6) | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. |
| CVE-2024-41589 | Oct 03, 2024 | DrayTek Vigor310 HTTP Auth Unencrypted Vulnerability (4.3.2.6) | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. |
| CVE-2024-41586 | Oct 03, 2024 | DrayTek Vigor310 before 4.3.2.6 Buffer Overflow via /cgi-bin/ipfedr.cgi | A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. |
| CVE-2024-41585 | Oct 03, 2024 | OS Command Injection in DrayTek Vigor3910 recvCmd v4.3.2.6 | DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. |
| CVE-2024-41584 | Oct 03, 2024 | Vigor3910 Auth XSS via sFormAuthStr (pre-4.3.2.6) | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. |
| CVE-2024-41583 | Oct 03, 2024 | DrayTek Vigor3910 4.3.2.6 Devices: Stored XSS via Router Name (Auth) | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. |
| CVE-2024-41587 | Oct 03, 2024 | DrayTek Vigor310 Stored XSS via Login Page Greeting pre-4.3.2.6 | Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. |
| CVE-2024-46552 | Sep 18, 2024 | Vigor 3910 v4.3.2.6 Buffer Overflow in ipstrt.cgi -> DoS | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46551 | Sep 18, 2024 | Vigor 3910 v4.3.2.6 sBPA_Pwd Buffer Overflow DoS | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46550 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 CGI Buffer Overflow in chglog.cgi (DoS) | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46553 | Sep 18, 2024 | Draytek Vigor 3910 Buffer Overflow in v2x00.cgi (Pre-4.3.2.6) | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46591 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 DoS via sDnsPro Buffer Overflow | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46582 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 DoS via Buffer Overflow in v2x00.cgi | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46583 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 DoS via Buffer Overflow in cgiapp.cgi extRadSrv2 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46584 | Sep 18, 2024 | DoS via buffer overflow in acontrol.cgi (AControlIp1) on Draytek Vigor 3910 v4.3.2.6 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |