Vulnerability Details CVE-2020-14472
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-14472
-
cpe:2.3:h:draytek:vigor2960:-
-
cpe:2.3:h:draytek:vigor300b:-
-
cpe:2.3:h:draytek:vigor3900:-
-
cpe:2.3:o:draytek:vigor2960_firmware:-
-
cpe:2.3:o:draytek:vigor2960_firmware:1.3.1
-
cpe:2.3:o:draytek:vigor2960_firmware:1.5.1
-
cpe:2.3:o:draytek:vigor300b_firmware:-
-
cpe:2.3:o:draytek:vigor300b_firmware:1.3.3
-
cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1
-
cpe:2.3:o:draytek:vigor300b_firmware:1.4.4
-
cpe:2.3:o:draytek:vigor300b_firmware:1.5.1
-
cpe:2.3:o:draytek:vigor3900_firmware:-
-
cpe:2.3:o:draytek:vigor3900_firmware:1.4.4
-
cpe:2.3:o:draytek:vigor3900_firmware:1.5.1