Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Draytek
Vigor300b Firmware

draytek vigor300b firmware Vulnerabilities: CVEs, CISA KEV & Security Advisories

17 CVEs

3 in CISA KEV

draytek vigor300b firmware Vulnerabilities

CVE security advisories and vulnerability history for vigor300b firmware by draytek.

17

Total CVEs

Published

3

In CISA KEV

Exploited in the wild

13

Public exploits

With known exploit

8.8

Avg CVSS

2020–2026

Last updated February 23, 2026

Overview

draytek vigor300b firmware has 17 published CVE records since 2020, of which 3 are in CISA's Known Exploited Vulnerabilities catalog and 13 have a known public exploit. The average CVSS base score across scored CVEs is 8.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting draytek vigor300b firmware, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of draytek vigor300b firmware's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical8

High3

Medium1

Low0

5 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

3

3 of draytek vigor300b firmware's CVEs are confirmed exploited in the wild.

Public exploits

13

13 of draytek vigor300b firmware's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every draytek vigor300b firmware version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

1.5.17 CVEs
1.5.1.13 CVEs
1.5.1.52 CVEs

Find a version

17 CVEs

Sort

DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection
CVE-2026-3040
Public exploit
CWE-78
Medium · CVSS 5.1
EPSS 0.4% (64th pct)2026-02-23
DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection
CVE-2024-12987
CISA KEV
Public exploit
CWE-78
Added to CISA KEV 2025-05-15
High · CVSS 7.3
EPSS 79.0% (99th pct)2024-12-27
High vulnerability · 2024-12-27
CVE-2024-12986
Public exploit
Patch
CWE-78
High · CVSS 7.3
EPSS 70.6% (99th pct)2024-12-27
High vulnerability · 2024-08-21
CVE-2024-43027
Public exploit
Patch
CWE-77
High · CVSS 8.0
EPSS 0.7% (72th pct)2024-08-21
Vulnerability · 2022-03-29
CVE-2021-43118
Unscored
EPSS 32.1% (97th pct)2022-03-29
Vulnerability · 2022-03-29
CVE-2021-42911
Unscored
EPSS 3.9% (88th pct)2022-03-29
Critical vulnerability · 2020-06-30
CVE-2020-15415
CISA KEV
Public exploit
Patch
CWE-78
Added to CISA KEV 2024-09-30
Critical · CVSS 9.3
EPSS 93.0% (100th pct)2020-06-30
Vulnerability · 2020-06-24
CVE-2020-14472
Patch
Unscored
EPSS 2.7% (86th pct)2020-06-24
Vulnerability · 2020-06-24
CVE-2020-14473
Patch
Unscored
EPSS 0.9% (76th pct)2020-06-24
Vulnerability · 2020-06-23
CVE-2020-14993
Public exploit
Patch
Unscored
EPSS 11.6% (94th pct)2020-06-23
Critical vulnerability · 2020-03-26
CVE-2020-10828
Public exploit
Patch
CWE-787
Critical · CVSS 9.8
EPSS 13.4% (94th pct)2020-03-26
Critical vulnerability · 2020-03-26
CVE-2020-10827
Public exploit
Patch
CWE-787
Critical · CVSS 9.8
EPSS 13.4% (94th pct)2020-03-26
Critical vulnerability · 2020-03-26
CVE-2020-10826
Public exploit
Patch
CWE-77
Critical · CVSS 9.8
EPSS 30.0% (97th pct)2020-03-26
Critical vulnerability · 2020-03-26
CVE-2020-10825
Public exploit
Patch
CWE-787
Critical · CVSS 9.8
EPSS 5.5% (90th pct)2020-03-26
Critical vulnerability · 2020-03-26
CVE-2020-10824
Public exploit
Patch
CWE-787
Critical · CVSS 9.8
EPSS 5.5% (90th pct)2020-03-26
Critical vulnerability · 2020-03-26
CVE-2020-10823
Public exploit
Patch
CWE-787
Critical · CVSS 9.8
EPSS 9.6% (93th pct)2020-03-26
Critical vulnerability · 2020-02-01
CVE-2020-8515
CISA KEV
Public exploit
CWE-78
Added to CISA KEV 2021-11-03
Critical · CVSS 9.3
EPSS 94.3% (100th pct)2020-02-01

Common weakness types

The CWE weakness categories most often found in draytek vigor300b firmware CVEs. Follow any weakness for its full explanation.

CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')5 CVEs
CWE-787Out-of-bounds Write5 CVEs
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')2 CVEs

Disclosure activity by year

How many draytek vigor300b firmware CVEs were published each year.

2020

11

2022

2

2024

3

2026

1

Other draytek products

Browse vulnerabilities for other products by draytek.

vigor391060 CVEs vigor3910 firmware60 CVEs vigor390048 CVEs vigor3900 firmware48 CVEs vigor3900_firmware35 CVEs vigor296021 CVEs vigor2960 firmware21 CVEs vigor2925 firmware17 CVEs

All draytek vulnerabilities

Frequently asked questions

Common questions about draytek vigor300b firmware vulnerabilities.

How many CVEs does draytek vigor300b firmware have?

draytek vigor300b firmware has 17 published CVE records since 2020.

How many draytek vigor300b firmware CVEs are in CISA KEV?

Yes — 3 of draytek vigor300b firmware's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Are there public exploits for draytek vigor300b firmware vulnerabilities?

Yes — 13 of draytek vigor300b firmware's CVEs have a known public exploit.

Which versions of draytek vigor300b firmware are affected?

3 distinct draytek vigor300b firmware versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in draytek vigor300b firmware CVEs?

draytek vigor300b firmware's CVEs most often map to these CWE weakness types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-787 (Out-of-bounds Write), CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')).

How many critical draytek vigor300b firmware vulnerabilities are there?

draytek vigor300b firmware has 8 critical and 3 high-severity CVEs.

What is the average severity of draytek vigor300b firmware CVEs?

The average CVSS base score across draytek vigor300b firmware's scored CVEs is 8.8.

References

All draytek vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track draytek vigor300b firmware vulnerabilities

Monitor new draytek vigor300b firmware vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References