On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
https://www.forescout.com/resources/draybreak-draytek-research/
https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240
https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1