Home > About > Security Advisory >

Multiple Remote Code Execution and Buffer Overflow Vulnerabilities

Number: DSA-2026-001
2026-07-16

On May 9, several potential security vulnerabilities were identified within the DrayTek VigorSwitch mainfunction.cgi component, including buffer overflow conditions and improper neutralization of special elements used in operating system commands.

Although these conditions have been confirmed to exist in the affected code, there are currently no known or documented methods to trigger or exploit them, and no practical attack path has been identified. Consequently, there is no evidence at this time that the reported issues are exploitable in deployed environments. If a viable exploitation method were identified, it would likely require an attacker to possess valid administrative credentials and be able to authenticate to the switch’s web management interface.

Should a method be identified that allows these conditions to be reached and successfully exploited, they could potentially result in arbitrary code execution on an affected appliance. However, the feasibility of such exploitation has not been demonstrated. Following coordinated disclosure with the Concordia University Security Research Centre (SRC), DrayTek Corp has addressed these findings in updated firmware releases and recommends that customers upgrade to the versions listed below as a preventive security measure.

Vulnerability Details

CVE Number Description
CVE-2026-52497 Buffer Overflow and OS Command Injection Flaws
CVE-2026-52498 Buffer Overflow and OS Command Injection Flaws
CVE-2026-52499 OS Command Injection Flaws
CVE-2026-52500 OS Command Injection Flaws
CVE-2026-52501 Buffer Overflow and OS Command Injection Flaws
CVE-2026-52502 Buffer Overflow and OS Command Injection Flaws
CVE-2026-52503 OS Command Injection Flaws

The firmware updates are released for the following models. No other models are affected. Please to download and upgrade the firmware for your specific model as soon as possible to ensure your system remains up to date.

Affected Products and Recommended Firmware Versions

Model Fixed Firmware Version
VigorSwitch Q2300x 2.10.7
VigorSwitch PQ2300xb 2.10.7
VigorSwitch G2282x 2.10.6
VigorSwitch P2282x 2.10.6
VigorSwitch G2542x 3.10.6
VigorSwitch P2542x 3.10.6
VigorSwitch P2542xh 3.10.6
VigorSwitch FX2120 3.9.10
VigorSwitch P2540xs 3.9.10
VigorSwitch G2540xs 3.9.10
VigorSwitch G1280 2.9.10
VigorSwitch P1280 2.9.10
VigorSwitch P1281x 2.9.10
VigorSwitch G1282 2.9.10
VigorSwitch P1282 2.9.10
VigorSwitch G2100 2.9.10
VigorSwitch P2100 2.9.10
VigorSwitch G2121 2.9.10
VigorSwitch P2121 2.9.10
VigorSwitch PQ2121x 2.9.10
VigorSwitch Q2121x 2.9.10
VigorSwitch PQ2200xb 2.9.10
VigorSwitch Q2200x 2.9.10
VigorSwitch G2280x 2.9.10
VigorSwitch P2280x 2.9.10
VigorSwitch G2540x 2.9.10
VigorSwitch P2540x 2.9.10

Recognizing Contribution

DrayTek would like to thank Anthony Andreoli, Mourad Debbabi, Aiman Hanna, and the Concordia University Security Research Centre (SRC) for discovering and responsibly reporting these vulnerabilities, allowing us to enhance the security of our products.

Contact Technical Support

If you have any security-related queries, please reach out to us via the contact form to connect with our technical team.