DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1 is affected by a remote code injection/execution vulnerability.
