1281 matches found
VulnCheck KEV: CVE-2024-45888
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...
VulnCheck KEV: CVE-2024-45884
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...
VulnCheck KEV: CVE-2024-45891
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...
CVE-2025-44643
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...
CVE-2025-44643
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...
CVE-2025-44643
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...
CVE-2025-44643
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...
CVE-2025-44643
CVE-2025-44643 affects Draytek AP903 v1.4.18, AP912C v1.4.9, and AP918R v1.4.9 due to an insecure configuration: the ripd.conf password property sets a hardcoded weak password. This could allow a network-attached attacker to gain unauthorized control of the routing daemon and potentially alter ro...
PT-2025-31818
Name of the Vulnerable Software and Affected Versions Draytek AP903 versions 1.4.18 Draytek AP912C version 1.4.9 Draytek AP918R version 1.4.9 Description The Draytek products are susceptible to insecure configurations due to hardcoded weak passwords within configuration files. Specifically, a wea...
Draytek多款产品 安全漏洞
Draytek AP903 and others are a wireless access point from China Draytek Draytek. A security vulnerability exists in various Draytek products, which stems from an insecure configuration that could lead to unauthorized control of the routing daemon. The following products and versions are affected:...
CVE-2024-43027
DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...
CVE-2024-23721
A Directory Traversal issue was discovered in processpost on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information...
CVE-2024-44845
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filterstring function...
CVE-2024-44844
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the runcommand function...
CVE-2024-41590
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6...
CVE-2024-41589
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests...
CVE-2024-48153
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...
CVE-2024-45882
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletemapprofile...
CVE-2024-45884
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...
CVE-2024-45888
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...