PT-2024-7998 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename table function. This is due to the lack of measures to neutraliz...

PT-2024-8828 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the doPPPo function in the mainfunction.cgi script of the DrayTek Vigor 3900 router...

CVE-2024-48153

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...

CVE-2024-48153

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...

PT-2024-33007 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get subconfig function. Recommendations: For DrayTek Vigor3900 version...

CVE-2024-48153

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...

CVE-2024-48153

DrayTek Vigor3900 firmware 1.5.1.3 contains a command-injection vulnerability in mainfunction.cgi via the get_subconfig function, enabling an attacker to execute arbitrary commands with network access. Impact per CVSS shows high confidentiality, integrity, and availability implications (CVSS‑3.1:...

CVE-2024-46316

DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high-performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 v1.5.1.6, which originates from the sub2C920 function on /cgi-bin/mainfunction.cgi contains a command injection vulnerability...

VulnCheck KEV: CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

DrayTek Vigor多款产品 安全漏洞

DrayTek Vigor 3900 and others are products of China DrayTek DrayTek.DrayTek Vigor 3900 is a broadband router/VPN gateway device.DrayTek Vigor 2960 is a dual-WAN broadband router/VPN gateway.DrayTek Vigor 300B is a Quad-WAN load balanced broadband router running on DrayTek Vigor 300B is a Quad-WAN...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

CVE-2023-6265

UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

DrayTek Vigor2960 命令注入漏洞

The DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from China-based DrayTek. A command injection vulnerability exists in the DrayTek Vigor2960 v1.5.1.4, which stems from the presence of a command injection vulnerability via the mainfunction.cgi component...

PT-2023-9802 · Draytek · Draytek Vigor2960

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 version 1.5.1.4 Description: The issue allows an authenticated attacker with network access to the web management interface to inject operating system commands via the parameter parameter in the mainfunction.cgi component...