CVE-2020-15415: DrayTek Multiple Vigor Routers OS Command Injection
DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.
- CISA KEV-listed (remediation due 2024-10-21)
- EPSS 93.0% (99.8th percentile)