PatchSiren

DrayTek CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited DrayTek CVE published 2025-05-15

CVE-2024-12987

CVE-2024-12987 is an OS command injection vulnerability in DrayTek Vigor routers that CISA added to its Known Exploited Vulnerabilities catalog on 2025-05-15. Because it is listed in KEV, defenders should treat it as an active-exploitation risk and prioritize vendor-recommended mitigations immediately.

Known exploited DrayTek CVE published 2024-09-30

CVE-2020-15415

CVE-2020-15415 is an OS command injection vulnerability affecting multiple DrayTek Vigor routers that CISA added to its Known Exploited Vulnerabilities catalog on 2024-09-30. KEV inclusion means there is evidence of active exploitation, so organizations using affected DrayTek Vigor routers should treat this as a high-priority exposure. CISA’s guidance is to apply mitigations per vendor instructions or discontinue us [truncated]

Known exploited DrayTek CVE published 2024-09-03

CVE-2021-20124

CVE-2021-20124 is a path traversal vulnerability affecting DrayTek VigorConnect. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2024-09-03 and set a remediation due date of 2024-09-24. Because it is on the KEV list, defenders should treat it as an urgent remediation item and follow vendor mitigation guidance or discontinue use if mitigations are not available.

Known exploited DrayTek CVE published 2024-09-03

CVE-2021-20123

CVE-2021-20123 is a path traversal vulnerability affecting DrayTek VigorConnect. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-09-03, which means defenders should treat it as an active priority and follow vendor remediation guidance promptly. If mitigations are not available, CISA’s catalog entry says to discontinue use of the product.

Known exploited DrayTek CVE published 2021-11-03

CVE-2020-8515

CVE-2020-8515 is a DrayTek Vigor router web management page vulnerability affecting multiple models. CISA listed it in the Known Exploited Vulnerabilities (KEV) catalog on 2021-11-03, which indicates confirmed exploitation or high confidence of active abuse. Because the supplied corpus does not include deeper technical detail or a CVSS score, defenders should treat this as a prioritized network-device iss [truncated]