Known Vulnerabilities for products from Draytek
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Draytek".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Draytek can be found at device.report: Draytek
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-3040 | A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin... | Not Provided | 2026-02-23 | 2026-04-29 |
| CVE-2023-33778 | Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware ve... | 9.8 - CRITICAL | 2023-06-01 | 2023-06-09 |
| CVE-2023-31447 | user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to sen... | 9.8 - CRITICAL | 2023-08-21 | 2023-08-30 |
| CVE-2023-24229 | DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component. | 7.8 - HIGH | 2023-03-15 | 2023-11-22 |
| CVE-2023-23313 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of ... | 6.1 - MEDIUM | 2023-03-03 | 2023-11-07 |
| CVE-2023-6265 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of ... | 8.1 - HIGH | 2023-11-22 | 2023-11-30 |
| CVE-2023-1163 | A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is... | 6.5 - MEDIUM | 2023-03-03 | 2023-11-22 |
| CVE-2023-1162 | A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225... | 8.8 - HIGH | 2023-03-03 | 2023-11-22 |
| CVE-2023-1009 | A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of... | 5.5 - MEDIUM | 2023-02-24 | 2023-11-22 |
| CVE-2022-50994 | | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2022-32548 | An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlog... | 9.8 - CRITICAL | 2022-08-29 | 2022-09-01 |
| CVE-2021-43118 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-29 | 2022-04-05 |
| CVE-2021-42911 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-29 | 2022-04-05 |
| CVE-2021-20129 | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to expo... | 7.5 - HIGH | 2021-10-13 | 2021-10-19 |
| CVE-2021-20128 | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to s... | 5.4 - MEDIUM | 2021-10-13 | 2021-10-19 |
| CVE-2021-20127 | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek Vigo... | 8.1 - HIGH | 2021-10-13 | 2021-10-19 |
| CVE-2021-20126 | Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-fo... | 8.8 - HIGH | 2021-10-13 | 2021-10-19 |
| CVE-2021-20125 | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet... | 9.8 - CRITICAL | 2021-10-13 | 2021-10-19 |
| CVE-2021-20124 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebSer... | 7.5 - HIGH | 2021-10-13 | 2022-07-12 |
| CVE-2021-20123 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the Downlo... | 7.5 - HIGH | 2021-10-13 | 2022-07-12 |
Known software with vulnerabilities from Draytek
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Draytek | Vigor2925ac | - |
| Hardware | Draytek | Vigor2925fn | - |
| Hardware | Draytek | Vigor2925n-plus | - |
| Hardware | Draytek | Vigor2925vac | - |
| Hardware | Draytek | Vigor2925vn-plus | - |
| Hardware | Draytek | Vigor2960 | - |
| Operating System | Draytek | Vigor2960 Firmware | - |
| Hardware | Draytek | Vigor300b | - |
| Operating System | Draytek | Vigor300b Firmware | - |
| Hardware | Draytek | Vigor3900 | - |
| Operating System | Draytek | Vigor3900 Firmware | - |
| Operating System | Draytek | Vigorap 910c Firmware | 1.3.1 |
| Hardware | Draytek | Vigor 2700 Router | - |
| Operating System | Draytek | Vigor 2700 Router Firmware | 2.8.3 |
| Hardware | Draytek | Vigor 2925 | - |
| Hardware | Draytek | Vigor 2925n | - |
| Operating System | Draytek | Vigor 2925 Firmware | 3.8.4.3 |