CVE-2020-14472

Name of the Vulnerable Software and Affected Versions Draytek Vigor3900 versions prior to 1.5.1.1 Draytek Vigor2960 versions prior to 1.5.1.1 Draytek Vigor300B versions prior to 1.5.1.1

Description The issue concerns command-injection vulnerabilities in the mainfunction.cgi file of the affected devices. This vulnerability exists due to inadequate data cleaning at the management level, allowing a remote attacker to inject arbitrary commands.

Recommendations For Draytek Vigor3900 versions prior to 1.5.1.1, update to version 1.5.1.1 or later. For Draytek Vigor2960 versions prior to 1.5.1.1, update to version 1.5.1.1 or later. For Draytek Vigor300B versions prior to 1.5.1.1, update to version 1.5.1.1 or later. As a temporary workaround, consider restricting access to the mainfunction.cgi file until a patch is available.