Browse all 8 CVE security advisories affecting DrayTek. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DrayTek develops networking hardware and software, primarily serving small to medium businesses with routers, firewalls, and VPN solutions. Historically, their products have faced multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with seven CVEs currently documented. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their firmware suggests potential exposure points for attackers. Their devices often default to administrative interfaces with weak security configurations, making them attractive targets for exploitation in enterprise environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-50994 | DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi | Vigor 2960 | CWE-78 | 8.1 | High | 2026-05-08 |
| CVE-2023-1163 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi getSyslogFile path traversal | Vigor 2960 | CWE-22 | 6.5 | Medium | 2023-03-03 |
| CVE-2023-1162 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection | Vigor 2960 | CWE-77 | 7.2 | High | 2023-03-03 |
| CVE-2023-1009 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal | Vigor 2960 | CWE-22 | 6.5 | Medium | 2023-02-24 |

This page lists every published CVE security advisory associated with DrayTek. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.