CVE-2020-15415CISA KEVEPSS p99.7%

CVE-2020-15415DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

DrayTek / Multiple Vigor Routers

Description

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.

Scoring

EPSS84.60% probability of exploitation · percentile 99.7% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2024-09-30

(incoming)1

TypeTargetConfidenceTier
KEVEntryDrayTek Multiple Vigor Routers OS Command Injection Vulnerabilitykev-cve-2020-154150%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
DrayTek Vigor Routers OS Command Injection Vulnerability
CVE
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
CVE
D-Link DNS-320 Device Command Injection Vulnerability
CVE
D-Link DIR-610 Devices Remote Command Execution
CVE
CVE-2025-10547
CVE
D-Link Multiple Routers Command Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.