CVE-2021-42911

Name of the Vulnerable Software and Affected Versions DrayTek Vigor 2960 versions 1.5.1.3 and earlier DrayTek Vigor 3900 versions 1.5.1.3 and earlier DrayTek Vigor 300B versions 1.5.1.3 and earlier

Description The issue is related to a Format String vulnerability in the mainfunction.cgi file of the DrayTek Vigor web interface. This vulnerability can be exploited by a remote attacker using a crafted HTTP message with a malformed QUERY STRING, potentially allowing the execution of arbitrary code.

Recommendations For DrayTek Vigor 2960 version 1.5.1.3 and earlier, update to a version later than 1.5.1.3. For DrayTek Vigor 3900 version 1.5.1.3 and earlier, update to a version later than 1.5.1.3. For DrayTek Vigor 300B version 1.5.1.3 and earlier, update to a version later than 1.5.1.3. As a temporary workaround, consider restricting access to the mainfunction.cgi file until a patch is available.