Home > About > Security Advisory >

Vigor3900 / Vigor2960 / Vigor300B Remote code injection/execution Vulnerability (CVE-2020-14472 / CVE-2020-15415)

Released Date: 2020-06-24

We have become aware of a possible exploit of the Vigor3900 / 2960 / 300B related to functions and services on 12th Apr., and we released an updated firmware to address this issue on 17th Jun. 2020.

Necessary Action: Users of affected models should upgrade firmware to version 1.5.1.1 or later as soon as possible.

Affected Products and the Fixed Firmware Version

Model Fixed Firmware Version Download Link
Vigor300B 1.5.1.1
Vigor2960 1.5.1.1
Vigor3900 1.5.1.1

The issue only affects the Vigor3900 / 2960 / 300B and is not known to affect any other DrayTek products.

Acknowledgement

Here we want to express our acknowledgment for the people who found the vulnerability and notify us.

Contact Technical Support

Should you have any security-related inquiry regarding one of our products, please contact DrayTek Technical Support.