CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-3040

CVE-2026-3040 affects DrayTek Vigor 300B (up to version 1.5.1.6) in the Web Management Interface, specifically the cgiGetFile function in /cgi-bin/mainfunction.cgi/uploadlangs. The File argument manipulation leads to OS command injection. Reports indicate remote initiation is possible and that an...

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-3040 DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

DrayTek Vigor 300B 操作系统命令注入漏洞

The DrayTek Vigor 300B is a Quad-WAN load balancing broadband router operated on Linux systems by DrayTek Corporation. Versions of the DrayTek Vigor 300B prior to 1.5.1.6 contained an operating system command injection vulnerability. This vulnerability stemmed from improper handling of parameters...

PT-2026-21570

Name of the Vulnerable Software and Affected Versions DrayTek Vigor 300B versions up to 1.5.1.6 Description A flaw exists in DrayTek Vigor 300B that allows for operating system command injection. This issue is located within the cgiGetFile function of the /cgi-bin/mainfunction.cgi/uploadlangs fil...

DrayTek Vigor多款产品 安全漏洞

DrayTek Vigor 3900 and others are products of China DrayTek DrayTek.DrayTek Vigor 3900 is a broadband router/VPN gateway device.DrayTek Vigor 2960 is a dual-WAN broadband router/VPN gateway.DrayTek Vigor 300B is a Quad-WAN load balanced broadband router running on DrayTek Vigor 300B is a Quad-WAN...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

PT-2024-30260 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 versions prior to v1.5.1.5 Beta DrayTek Vigor 2960 versions prior to v1.5.1.5 Beta DrayTek Vigor 300B versions prior to v1.5.1.5 Beta Description: A command injection vulnerability was discovered via the action parameter at...

CVE-2024-43027

Affected products: DrayTek Vigor 3900, 2960, and 300B with versions prior to 1.5.1.5_Beta. Vulnerability: command injection via the action parameter in cgi-bin/mainfunction.cgi, as reported by multiple sources. Root cause: input in the action parameter allows execution of arbitrary commands on th...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

多款Phicomm产品安全漏洞

Phicomm FIR151B A2 and others are a wireless router from Ficomm China. A security vulnerability exists in the Phicomm FIR151B A2, FIR302E A2, FIR300B A2, and FIR303B A2 routers version V3.0.1.17, which stems from the discovery of a Remote Command Execution RCE vulnerability via the pingAddr...

CVE-2021-42911

A Format String vulnerability exists in DrayTek Vigor 2960 = 1.5.1.3, DrayTek Vigor 3900 = 1.5.1.3, and DrayTek Vigor 300B = 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code...

CVE-2021-43118

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code...

Format string

A Format String vulnerability exists in DrayTek Vigor 2960 = 1.5.1.3, DrayTek Vigor 3900 = 1.5.1.3, and DrayTek Vigor 300B = 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code...

PT-2021-8206 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions 1.5.1.3 and earlier DrayTek Vigor 3900 versions 1.5.1.3 and earlier DrayTek Vigor 300B versions 1.5.1.3 and earlier Description: The issue is related to a Format String vulnerability in the mainfunction.cgi file of...

PT-2021-8205 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 version 1.5.1.3 DrayTek Vigor 3900 version 1.5.1.3 DrayTek Vigor 300B version 1.5.1.3 Description: A Remote Command Injection issue exists in the mainfunction.cgi script of the DrayTek Vigor web interface due to inadequate...

CVE-2020-14472

On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file...