Known Vulnerabilities for products from Draytek
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Draytek".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Draytek can be found at device.report: Draytek
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43118 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-29 | 2022-04-05 |
| CVE-2021-42911 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-29 | 2022-04-05 |
| CVE-2021-20129 | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to expo... | 7.5 - HIGH | 2021-10-13 | 2021-10-19 |
| CVE-2021-20128 | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to s... | 5.4 - MEDIUM | 2021-10-13 | 2021-10-19 |
| CVE-2021-20127 | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek Vigo... | 8.1 - HIGH | 2021-10-13 | 2021-10-19 |
| CVE-2021-20126 | Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-fo... | 8.8 - HIGH | 2021-10-13 | 2021-10-19 |
| CVE-2021-20125 | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet... | 9.8 - CRITICAL | 2021-10-13 | 2021-10-19 |
| CVE-2021-20124 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebSer... | 7.5 - HIGH | 2021-10-13 | 2022-07-12 |
| CVE-2021-20123 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the Downlo... | 7.5 - HIGH | 2021-10-13 | 2022-07-12 |
| CVE-2020-28968 | Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Config... | 5.4 - MEDIUM | 2021-10-22 | 2021-10-28 |
| CVE-2020-19664 | DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. | 8.8 - HIGH | 2020-12-31 | 2023-11-07 |
| CVE-2020-15415 | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote comm... | 9.8 - CRITICAL | 2020-06-30 | 2020-07-02 |
| CVE-2020-14993 | A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers t... | 9.8 - CRITICAL | 2020-06-23 | 2023-11-07 |
| CVE-2020-14473 | Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. | 9.8 - CRITICAL | 2020-06-24 | 2023-11-07 |
| CVE-2020-14472 | On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in t... | 9.8 - CRITICAL | 2020-06-24 | 2021-12-21 |
| CVE-2020-10828 | A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attac... | 9.8 - CRITICAL | 2020-03-26 | 2020-06-23 |
| CVE-2020-10827 | A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attac... | 9.8 - CRITICAL | 2020-03-26 | 2020-06-23 |
| CVE-2020-10826 | /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve ... | 9.8 - CRITICAL | 2020-03-26 | 2022-04-22 |
| CVE-2020-10825 | A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960... | 9.8 - CRITICAL | 2020-03-26 | 2020-06-23 |
| CVE-2020-10824 | A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300... | 9.8 - CRITICAL | 2020-03-26 | 2020-06-23 |
Known software with vulnerabilities from Draytek
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Draytek | Vigor 2700 Router | - |
| Operating System | Draytek | Vigor 2700 Router Firmware | 2.8.3 |
| Hardware | Draytek | Vigor 2925 | - |
| Operating System | Draytek | Vigor 2925 Firmware | 3.8.4.3 |
| Hardware | Draytek | Vigor 2925n | - |
| Hardware | Draytek | Vigor2925ac | - |
| Hardware | Draytek | Vigor2925fn | - |
| Hardware | Draytek | Vigor2925n-plus | - |
| Hardware | Draytek | Vigor2925vac | - |
| Hardware | Draytek | Vigor2925vn-plus | - |
| Hardware | Draytek | Vigor2960 | - |
| Operating System | Draytek | Vigor2960 Firmware | - |
| Hardware | Draytek | Vigor300b | - |
| Operating System | Draytek | Vigor300b Firmware | - |
| Hardware | Draytek | Vigor3900 | - |
| Operating System | Draytek | Vigor3900 Firmware | - |
| Operating System | Draytek | Vigorap 910c Firmware | 1.3.1 |