Vigor3900
by Draytek
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51248 | Hig | 0.57 | 8.8 | 0.01 | Nov 1, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. | ||
| CVE-2024-51247 | Hig | 0.57 | 8.8 | 0.01 | Nov 1, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | ||
| CVE-2024-51245 | Hig | 0.57 | 8.8 | 0.01 | Nov 1, 2024 | In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | ||
| CVE-2024-51244 | Hig | 0.57 | 8.8 | 0.01 | Nov 1, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. | ||
| CVE-2024-51254 | Hig | 0.57 | 8.8 | 0.00 | Oct 31, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. | ||
| CVE-2024-51258 | Hig | 0.57 | 8.8 | 0.01 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | ||
| CVE-2024-51301 | Hig | 0.57 | 8.8 | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | ||
| CVE-2024-51300 | Hig | 0.57 | 8.8 | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | ||
| CVE-2024-51299 | Hig | 0.57 | 8.8 | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | ||
| CVE-2024-51296 | Hig | 0.57 | 8.8 | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | ||
| CVE-2024-51257 | Hig | 0.57 | 8.8 | 0.00 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | ||
| CVE-2024-51304 | Hig | 0.57 | 8.8 | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. | ||
| CVE-2024-44845 | Hig | 0.57 | 8.8 | 0.02 | Sep 6, 2024 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. | ||
| CVE-2024-44844 | Hig | 0.57 | 8.8 | 0.02 | Sep 6, 2024 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. | ||
| CVE-2024-45893 | Hig | 0.52 | 8.0 | 0.02 | Nov 4, 2024 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.` | ||
| CVE-2024-45891 | Hig | 0.52 | 8.0 | 0.01 | Nov 4, 2024 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.` | ||
| CVE-2024-45890 | Hig | 0.52 | 8.0 | 0.02 | Nov 4, 2024 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.` | ||
| CVE-2024-45889 | Hig | 0.52 | 8.0 | 0.02 | Nov 4, 2024 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.` | ||
| CVE-2024-45888 | Hig | 0.52 | 8.0 | 0.02 | Nov 4, 2024 | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.' | ||
| CVE-2024-45887 | Hig | 0.52 | 8.0 | 0.02 | Nov 4, 2024 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.` |
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
- risk 0.57cvss 8.8epss 0.01
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
- risk 0.57cvss 8.8epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
- risk 0.57cvss 8.8epss 0.01
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
- risk 0.57cvss 8.8epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
- risk 0.57cvss 8.8epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
- risk 0.57cvss 8.8epss 0.02
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
- risk 0.57cvss 8.8epss 0.02
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
- risk 0.52cvss 8.0epss 0.02
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
- risk 0.52cvss 8.0epss 0.01
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
- risk 0.52cvss 8.0epss 0.02
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
- risk 0.52cvss 8.0epss 0.02
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
- risk 0.52cvss 8.0epss 0.02
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
- risk 0.52cvss 8.0epss 0.02
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
Page 2 of 3