209 matches found
CVE-2024-51257
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...
CVE-2024-51304
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldapsearchdn function...
CVE-2024-51258
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function...
CVE-2024-51299
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function...
CVE-2024-51301
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packetmonitor function...
DrayTek Vigor 3900 安全漏洞
The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3 that originates from the ability to inject commands into mainfunction.cgi and execute arbitrary code in the doGRETunnel function...
PT-2024-34587 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. Recommendations: For Draytek Vigor3900 version...
PT-2024-34580 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. Recommendations: For DrayTek Vigor3900 version...
PT-2024-34589 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. Recommendations: For Draytek Vigor3900 version...
DrayTek Vigor 3900 安全漏洞
The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited to inject commands into mainfunction.cgi and execute arbitrary code in the pingtrace function...
CVE-2024-51300
CVE-2024-51300 affects Draytek Vigor3900, firmware version 1.5.1.3. Multiple sources confirm an authentication-agnostic command-injection in the web-facing CGI endpoint: attackers can inject commands into mainfunction.cgi and trigger execution of arbitrary commands by invoking the get_rrd functio...
DrayTek Vigor 3900 安全漏洞
The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited to inject commands into mainfunction.cgi and execute arbitrary code in the packetmonitor function...
DrayTek Vigor 3900 安全漏洞
The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited to inject commands into mainfunction.cgi and execute arbitrary code in the doSSLTunnel function...
DrayTek Vigor 3900 安全漏洞
The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited to inject commands into mainfunction.cgi and execute arbitrary code in the dumpSyslog function...
DrayTek Vigor 3900 安全漏洞
The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3 that originates from the ability to inject commands into mainfunction.cgi and execute arbitrary code in the ldapsearchdn function...
CVE-2024-51258
CVE-2024-51258 affects DrayTek Vigor3900 firmware version 1.5.1.3 . Vulnerability arises in the internal web endpoint mainfunction.cgi via the function doSSLTunnel , allowing an attacker to inject and execute arbitrary commands. The CVE's CVSS v3.1 metrics indicate a network-facilitated, low-priv...
CVE-2024-51299
CVE-2024-51299 affects Draytek Vigor3900, version 1.5.1.3. The flaw allows an attacker to inject commands into mainfunction.cgi and execute arbitrary commands via the dumpSyslog function. Documented impact is high (remote network attack with full system compromise) with CVSS v3.1: AV:N/AC:L/PR:L/...
CVE-2024-51301
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packetmonitor function...
CVE-2024-51257
Vulnerable product: DrayTek Vigor3900 firmware 1.5.1.3. Issue: mainfunction.cgi accepts input via doCertificate, enabling attackers to inject commands and achieve arbitrary command execution. Root cause: insecure handling in the doCertificate path leading to remote code execution. Impact: high-se...
CVE-2024-51301
DrayTek Vigor3900 (firmware 1.5.1.3) is affected by CVE-2024-51301. The issue allows an attacker to inject commands into mainfunction.cgi and execute arbitrary commands via the packet_monitor function, constituting remote code execution over the network. The vulnerability affects the mainfunction...