CVE-2020-14472: Command Injection
First published: Wed Jun 24 2020(Updated: )
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Draytek Vigor300b Firmware | <1.5.1.1 | |
| Draytek Vigor300b | ||
| Draytek Vigor2960 Firmware | <1.5.1.1 | |
| DrayTek Vigor2960 | ||
| Draytek Vigor3900 Firmware | <1.5.1.1 | |
| DrayTek Vigor3900 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Draytek vulnerability?
The vulnerability ID for this Draytek vulnerability is CVE-2020-14472.
What is the severity of CVE-2020-14472?
The severity of CVE-2020-14472 is critical with a severity value of 9.8.
Which Draytek devices are affected by CVE-2020-14472?
Draytek Vigor3900, Vigor2960, and Vigor 300B devices before version 1.5.1.1 are affected by CVE-2020-14472.
What is the main file affected by the command-injection vulnerabilities?
The mainfunction.cgi file is affected by the command-injection vulnerabilities.
How can I fix CVE-2020-14472 on my Draytek device?
To fix CVE-2020-14472, upgrade your Draytek Vigor3900, Vigor2960, or Vigor 300B device to version 1.5.1.1 or higher.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/draytek
- canonical/draytek vigor300b firmware
- canonical/draytek vigor300b
- canonical/draytek vigor2960 firmware
- canonical/draytek vigor2960
- canonical/draytek vigor3900 firmware
- canonical/draytek vigor3900