Vigor3900
by Draytek
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51255 | 0.00 | — | 0.00 | Oct 31, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. | |||
| CVE-2024-51259 | 0.00 | — | 0.00 | Oct 31, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. | |||
| CVE-2024-51258 | 0.00 | — | 0.00 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | |||
| CVE-2024-51300 | 0.00 | — | 0.00 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | |||
| CVE-2024-51296 | 0.00 | — | 0.00 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | |||
| CVE-2024-51301 | 0.00 | — | 0.00 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | |||
| CVE-2024-51304 | 0.00 | — | 0.00 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. | |||
| CVE-2024-51257 | 0.00 | — | 0.00 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | |||
| CVE-2024-51299 | 0.00 | — | 0.00 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | |||
| CVE-2024-51298 | 0.00 | — | 0.00 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. | |||
| CVE-2024-48153 | 0.00 | — | 0.00 | Oct 14, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | |||
| CVE-2024-46316 | 0.00 | — | 0.00 | Oct 9, 2024 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. |
- CVE-2024-51255Oct 31, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
- CVE-2024-51259Oct 31, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
- CVE-2024-51258Oct 30, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
- CVE-2024-51300Oct 30, 2024risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
- CVE-2024-51296Oct 30, 2024risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
- CVE-2024-51301Oct 30, 2024risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
- CVE-2024-51304Oct 30, 2024risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
- CVE-2024-51257Oct 30, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
- CVE-2024-51299Oct 30, 2024risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
- CVE-2024-51298Oct 30, 2024risk 0.00cvss —epss 0.00
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
- CVE-2024-48153Oct 14, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
- CVE-2024-46316Oct 9, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.
Page 2 of 2