CVE Tools

draytek

Networking InfrastructureTWcommercial

116

Cumulative CVEs

10

Monthly snapshots

#17

Peak rank

Top products

vigor2832 firmware6 vigor2135 firmware6 vigor2860 firmware6

Latest CVEs

The 15 most recently published vulnerabilities affecting draytek.

CVE-2022-50994DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi8.1May 8, 2026
CVE-2026-3040DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection4.7Feb 23, 2026
CVE-2025-10547CVE-2025-105479.8Oct 3, 2025
CVE-2025-44643Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration ...8.6Aug 4, 2025
CVE-2024-51139Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor...9.8Feb 27, 2025
CVE-2024-51138Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/276...9.8Feb 27, 2025
CVE-2024-41340An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3...8.4Feb 27, 2025
CVE-2024-41339An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 p...8.8Feb 27, 2025
CVE-2024-41338A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/276...7.5Feb 27, 2025
CVE-2024-41336Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor ...7.5Feb 27, 2025
CVE-2024-41335Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor ...7.5Feb 27, 2025
CVE-2024-41334Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor ...8.8Feb 27, 2025
CVE-2024-12987DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injectionKEV7.3Dec 27, 2024
CVE-2024-12986DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection7.3Dec 27, 2024
CVE-2024-51253In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.8.0Nov 4, 2024