Description
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor confirms that "300B is EoL, and this is an authenticated vulnerability. We don't plan to fix it." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-23
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Operating system command injection via the uploadlangs CGI in DrayTek Vigor 300B's web interface can allow an attacker to execute arbitrary commands on the device, potentially leading to full system compromise.
Action: Assess Impact
AI Analysis

Impact

The vulnerability resides in the cgiGetFile argument handling of the uploadlangs CGI, enabling an attacker to inject shell commands through the File parameter. This leads to operating‑system command execution, a form of remote code execution that can compromise confidentiality, integrity, and availability of the affected device. The weakness is catalogued as both CWE‑77 (Command Injection) and CWE‑78 (OS Command Injection).

Affected Systems

DrayTek Vigor 300B routers running firmware up to version 1.5.1.6 are affected. The device is End‑of‑Life and no longer receives vendor support or security patches. The vulnerability requires authenticated access to the web management interface, though attackers can target devices from outside the local network if the interface is exposed.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and the EPSS score of <1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Exploitation typically requires the attacker to have administrative credentials to access the web interface, but once authenticated, the command injection can be triggered remotely through the uploadlangs endpoint. Because the vendor will not issue a fix, any device with the exposed web interface remains at risk.

Generated by OpenCVE AI on April 17, 2026 at 16:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Determine whether the router model and firmware version are still in use and isolate it from untrusted networks.
  • Upgrade to a supported router model or firmware that receives security updates from the vendor or a third‑party provider.
  • If a replacement is not feasible, restrict access to the Web Management Interface by limiting it to a dedicated management VLAN and applying firewall rules to block inbound traffic from external sources.
  • Disable the uploadlangs CGI component if the firmware allows disabling specific CGI scripts.
  • Monitor device logs for anomalous upload attempts or command execution patterns.

Generated by OpenCVE AI on April 17, 2026 at 16:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Draytek vigor300b Firmware
CPEs cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*
cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*
Vendors & Products Draytek vigor300b Firmware

Tue, 24 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Draytek
Draytek vigor300b
Vendors & Products Draytek
Draytek vigor300b

Mon, 23 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor confirms that "300B is EoL, and this is an authenticated vulnerability. We don't plan to fix it." This vulnerability only affects products that are no longer supported by the maintainer.
Title DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Draytek Vigor300b Vigor300b Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-25T15:37:21.493Z

Reserved: 2026-02-23T16:34:06.326Z

Link: CVE-2026-3040

cve-icon Vulnrichment

Updated: 2026-02-25T15:37:14.011Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-23T22:16:25.960

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3040

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T16:15:22Z

Weaknesses