CVE List


Critical 9.8

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.

Published June 23, 2020.

Affected software

Draytek Vigor3900 Firmware

Draytek Vigor300b Firmware

Draytek Vigor2960 Firmware

Reference links

Sign Up for Alerts