Skip to main content
CVE-2020-8515 CRITICAL POC KEV THREAT Act Now

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Vigor2960 Firmware Vigor300b Firmware Vigor3900 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy