Vigor2960 firmware

This hub aggregates every CVE we track for Vigor2960 firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vigor2960 firmware.

• CVE-2024-12987DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injectionKEV7.3Dec 27, 2024
• CVE-2024-12986DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection7.3Dec 27, 2024
• CVE-2024-48074An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin...8.0Oct 28, 2024
• CVE-2024-43027DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the act...8.0Aug 21, 2024
• CVE-2023-6265DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal6.5Nov 22, 2023
• CVE-2023-24229DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. N...7.8Mar 15, 2023
• CVE-2023-1009DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal6.5Feb 24, 2023
• CVE-2021-43118A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRIN...9.8Mar 29, 2022
• CVE-2021-42911A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message conta...9.8Mar 29, 2022
• CVE-2020-19664DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.8.8Dec 31, 2020
• CVE-2020-15415On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-pyt...KEV9.8Jun 30, 2020
• CVE-2020-14472On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.9.8Jun 24, 2020
• CVE-2020-14473Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.9.8Jun 24, 2020
• CVE-2020-14993A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an aut...9.8Jun 23, 2020
• CVE-2020-10828A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.9.8Mar 26, 2020