Published: 01/02/2020 Updated: 31/03/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple DrayTek products could allow a remote malicious user to execute arbitrary code on the system, caused by a flaw in the cgi-bin/mainfunction.cgi. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Vulnerability Trend

Affected Products

Vendor Product Versions
DraytekVigor2960 Firmware1.3.1
DraytekVigor300b Firmware1.3.3,, 1.4.4
DraytekVigor3900 Firmware1.4.4

Mailing Lists

DrayTek Vigor2960 version 131_Beta, Vigor3900 version 144_Beta, and Vigor300B versions 133_Beta, 1421_Beta, and 144_Beta suffer from a remote command execution vulnerability ...

Github Repositories


nmap script to detect CVE-2020-8515 on Draytek Devices