Vigor300b firmware

This hub aggregates every CVE we track for Vigor300b firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vigor300b firmware.

• CVE-2026-3040DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection4.7Feb 23, 2026
• CVE-2024-12987DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injectionKEV7.3Dec 27, 2024
• CVE-2024-12986DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection7.3Dec 27, 2024
• CVE-2024-43027DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the act...8.0Aug 21, 2024
• CVE-2021-43118A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRIN...9.8Mar 29, 2022
• CVE-2021-42911A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message conta...9.8Mar 29, 2022
• CVE-2020-15415On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-pyt...KEV9.8Jun 30, 2020
• CVE-2020-14472On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.9.8Jun 24, 2020
• CVE-2020-14473Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.9.8Jun 24, 2020
• CVE-2020-14993A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an aut...9.8Jun 23, 2020
• CVE-2020-10828A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.9.8Mar 26, 2020
• CVE-2020-10827A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.9.8Mar 26, 2020
• CVE-2020-10826/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.9.8Mar 26, 2020
• CVE-2020-10825A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve ...9.8Mar 26, 2020
• CVE-2020-10824A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution...9.8Mar 26, 2020