A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
vigor2960_firmware | eq | 1.5.1.3 | |
vigor300b_firmware | eq | 1.5.1.3 | |
vigor3900_firmware | eq | 1.5.1.3 |