Browse all 8 CVE security advisories affecting DrayTek. AI-powered Chinese analysis, POCs, and references for each vulnerability.
DrayTek develops networking hardware and software, primarily serving small to medium businesses with routers, firewalls, and VPN solutions. Historically, their products have faced multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with seven CVEs currently documented. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their firmware suggests potential exposure points for attackers. Their devices often default to administrative interfaces with weak security configurations, making them attractive targets for exploitation in enterprise environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3040 | DrayTek Vigor 300B Web Management uploadlangs cgiGetFile OS command injection — Vigor 300B (CWE-78) | 4.7 | Medium | 2026-02-23 |

This page lists every published CVE security advisory associated with DrayTek. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.