VYPR

Vigor3900

by Draytek

CVEs (49)

  • CVE-2024-45885HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.01

    DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`

  • CVE-2024-45884HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.02

    DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`

  • CVE-2024-45882HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.02

    DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`

  • CVE-2024-51253HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.

  • CVE-2024-51251HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.

  • CVE-2024-51249HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.01

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.

  • CVE-2024-51246HigNov 4, 2024
    risk 0.52cvss 8.0epss 0.00

    In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.

  • CVE-2024-46316HigOct 9, 2024
    risk 0.52cvss 8.0epss 0.01

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.

  • CVE-2024-43027HigAug 21, 2024
    risk 0.52cvss 8.0epss 0.01

    DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

Page 3 of 3