Draytek Vigor2960 Firmware

By the Year

In 2026 there have been 0 vulnerabilities in Draytek Vigor2960 Firmware. Vigor2960 Firmware did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2026    0                  0.00
2025    0                  0.00
2024    1                  0.00
2023    3                  7.13
2022    0                  0.00
2021    0                  0.00
2020    1                  9.80

It may take a day or so for new Vigor2960 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Draytek Vigor2960 Firmware Security Vulnerabilities

DrayTek Vigor2960 RCE via table param in doPPPoE (v1.4.4)
CVE-2024-48074 - October 28, 2024

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.

Dir Traversal in Draytek Vigor2960 v1.5.1.4/5 dumpSyslog CGI Auth Delete Files
CVE-2023-6265 8.1 - High - November 22, 2023

** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

Directory traversal

DrayTek Vigor2960 Cmd Injection via mainfunction.cgi (v1.5.1.4)
CVE-2023-24229 7.8 - High - March 15, 2023

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Command Injection

DrayTek Vigor 2960 1.5.1.4 path traversal in Web Mgmt via /../etc/passwd
CVE-2023-1009 5.5 - Medium - February 24, 2023

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Directory traversal

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload
CVE-2020-15415 9.8 - Critical - June 30, 2020

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.

Shell injection
