VYPR

Vigor3900

by Draytek

CVEs (49)

  • CVE-2024-51248HigNov 1, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.

  • CVE-2024-51247HigNov 1, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.

  • CVE-2024-51245HigNov 1, 2024
    risk 0.57cvss 8.8epss 0.01

    In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.

  • CVE-2024-51244HigNov 1, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.

  • CVE-2024-51254HigOct 31, 2024
    risk 0.57cvss 8.8epss 0.00

    DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.

  • CVE-2024-51258HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.01

    DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.

  • CVE-2024-51301HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.

  • CVE-2024-51300HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.

  • CVE-2024-51299HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.

  • CVE-2024-51296HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.

  • CVE-2024-51257HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.00

    DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.

  • CVE-2024-51304HigOct 30, 2024
    risk 0.57cvss 8.8epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.

  • CVE-2024-44845HigSep 6, 2024
    risk 0.57cvss 8.8epss 0.02

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.

  • CVE-2024-44844HigSep 6, 2024
    risk 0.57cvss 8.8epss 0.02

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.

  • CVE-2024-45893HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.02

    DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`

  • CVE-2024-45891HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.01

    DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`

  • CVE-2024-45890HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.02

    DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`

  • CVE-2024-45889HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.02

    DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`

  • CVE-2024-45888HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.02

    DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'

  • CVE-2024-45887HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.02

    DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`