Vigor300b
This hub aggregates every CVE we track for Vigor300b, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
6
Critical
5
High
3
In CISA KEV
Severity distribution
CRITICAL6HIGH5
Monthly trend
0
0
0
0
2
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 11 most recently published vulnerabilities affecting Vigor300b.
- CVE-2024-12987DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injectionKEV7.3
- CVE-2024-12986DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection7.3
- CVE-2024-45890DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`8.0
- CVE-2024-45887DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`8.0
- CVE-2021-43118A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRIN...9.8
- CVE-2021-42911A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message conta...9.8
- CVE-2020-19664DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.8.8
- CVE-2020-15415On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-pyt...KEV9.8
- CVE-2020-14472On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.9.8
- CVE-2020-14993A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an aut...9.8
- CVE-2020-8515DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharact...KEV9.8
Product normalization is registry-driven with AI assist and human review. How it works