Vigor 2960

This hub aggregates every CVE we track for Vigor 2960, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Vigor 2960.

• CVE-2022-50994DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi8.1May 8, 2026
• CVE-2024-12987DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injectionKEV7.3Dec 27, 2024
• CVE-2023-24229DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. N...7.8Mar 15, 2023
• CVE-2023-1163DrayTek Vigor 2960 Web Management Interface mainfunction.cgi getSyslogFile path traversal6.5Mar 3, 2023
• CVE-2023-1162DrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection7.2Mar 3, 2023
• CVE-2023-1009DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal6.5Feb 24, 2023
• CVE-2021-43118A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRIN...9.8Mar 29, 2022
• CVE-2021-42911A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message conta...9.8Mar 29, 2022
• CVE-2020-19664DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.8.8Dec 31, 2020
• CVE-2020-14472On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.9.8Jun 24, 2020
• CVE-2020-14993A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an aut...9.8Jun 23, 2020