Vigor3900

CVEs (32)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2024-51251	Draytek Vigor3900	—	0.00	Nov 4, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVE-2024-45889	Draytek Vigor3900	—	0.01	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVE-2024-45882	Draytek Vigor3900	—	0.01	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
CVE-2024-45887	Draytek Vigor3900	—	0.00	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
CVE-2024-45885	Draytek Vigor3900	—	0.01	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVE-2024-51253	Draytek Vigor3900	—	0.00	Nov 4, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVE-2024-45893	Draytek Vigor3900	—	0.01	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVE-2024-45884	Draytek Vigor3900	—	0.00	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVE-2024-51246	Draytek Vigor3900	—	0.00	Nov 4, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-45888	Draytek Vigor3900	—	0.00	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVE-2024-45890	Draytek Vigor3900	—	0.01	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVE-2024-45891	Draytek Vigor3900	—	0.01	Nov 4, 2024	DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVE-2024-51249	Draytek Vigor3900	—	0.00	Nov 4, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-51247	Draytek Vigor3900	—	0.00	Nov 1, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
CVE-2024-51252	Draytek Vigor3900	—	0.00	Nov 1, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVE-2024-51245	Draytek Vigor3900	—	0.00	Nov 1, 2024	In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVE-2024-51244	Draytek Vigor3900	—	0.00	Nov 1, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVE-2024-51248	Draytek Vigor3900	—	0.00	Nov 1, 2024	In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVE-2024-51254	Draytek Vigor3900	—	0.00	Oct 31, 2024	DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVE-2024-51260	Draytek Vigor3900	—	0.00	Oct 31, 2024	DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.

CVE-2024-51251Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVE-2024-45889Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVE-2024-45882Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
CVE-2024-45887Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
CVE-2024-45885Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVE-2024-51253Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVE-2024-45893Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVE-2024-45884Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVE-2024-51246Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-45888Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVE-2024-45890Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVE-2024-45891Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVE-2024-51249Nov 4, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-51247Nov 1, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
CVE-2024-51252Nov 1, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVE-2024-51245Nov 1, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVE-2024-51244Nov 1, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVE-2024-51248Nov 1, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVE-2024-51254Oct 31, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVE-2024-51260Oct 31, 2024
Draytek
Vigor3900
risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.

Page 1 of 2