Lucene search
+L

1281 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/08/22 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

8CVSS5.8AI score0.01977EPSS
In wildExploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/08/22 12:0 a.m.12 views

VulnCheck KEV: CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

8CVSS5.8AI score0.02081EPSS
In wildExploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/08/22 12:0 a.m.11 views

VulnCheck KEV: CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

8CVSS5.8AI score0.01291EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2025/08/06 12:13 a.m.6 views

CVE-2025-44643

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...

8.6CVSS6.7AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2025/08/04 3:15 p.m.7 views

CVE-2025-44643

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...

8.6CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/04 12:0 a.m.11 views

CVE-2025-44643

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...

0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/04 12:0 a.m.2 views

CVE-2025-44643

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...

6.8AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2025/08/04 12:0 a.m.23 views

CVE-2025-44643

CVE-2025-44643 affects Draytek AP903 v1.4.18, AP912C v1.4.9, and AP918R v1.4.9 due to an insecure configuration: the ripd.conf password property sets a hardcoded weak password. This could allow a network-attached attacker to gain unauthorized control of the routing daemon and potentially alter ro...

8.6CVSS6.8AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.9 views

PT-2025-31818

Name of the Vulnerable Software and Affected Versions Draytek AP903 versions 1.4.18 Draytek AP912C version 1.4.9 Draytek AP918R version 1.4.9 Description The Draytek products are susceptible to insecure configurations due to hardcoded weak passwords within configuration files. Specifically, a wea...

9CVSS6.8AI score0.00243EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/04 12:0 a.m.5 views

Draytek多款产品 安全漏洞

Draytek AP903 and others are a wireless access point from China Draytek Draytek. A security vulnerability exists in various Draytek products, which stems from an insecure configuration that could lead to unauthorized control of the routing daemon. The following products and versions are affected:...

8.6CVSS6.6AI score0.00243EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:42 a.m.6 views

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

8CVSS8.1AI score0.01297EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:0 a.m.10 views

CVE-2024-23721

A Directory Traversal issue was discovered in processpost on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information...

7.5CVSS7.5AI score0.00852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:18 a.m.5 views

CVE-2024-44845

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filterstring function...

8.8CVSS5.9AI score0.01956EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:17 a.m.6 views

CVE-2024-44844

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the runcommand function...

8.8CVSS5.9AI score0.01902EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:53 a.m.9 views

CVE-2024-41590

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6...

8CVSS7.1AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:52 a.m.7 views

CVE-2024-41589

DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests...

8.8CVSS7.4AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:24 a.m.8 views

CVE-2024-48153

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...

9.8CVSS7.7AI score0.00658EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:8 a.m.9 views

CVE-2024-45882

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletemapprofile...

8CVSS8.1AI score0.01514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.9 views

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

8CVSS8.1AI score0.02081EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.12 views

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

8CVSS8.1AI score0.01977EPSS
Exploits0References1
Rows per page
Query Builder