
209 matches found

CVE
added 2023/03/15 12:0 a.m. · 107 views

CVE-2023-24229

Summary: CVE-2023-24229 affects DrayTek Vigor2960 (v1.5.1.4). An authenticated attacker with network access to the device’s web management interface can inject operating system commands through the mainfunction.cgi parameter, enabling arbitrary command execution. This vulnerability exists in a de...

7.8 CVSS · 7.5 AI score · 0.06717 EPSS
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2023/03/15 12:0 a.m. · 24 views

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.8 AI score · 0.06717 EPSS
Exploits 1 · References 6
Vulnrichment
added 2023/03/15 12:0 a.m. · 10 views

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.9 AI score · 0.06717 EPSS
Exploits 1 · References 6
CNNVD
added 2023/03/03 12:0 a.m. · 2 views

DrayTek Vigor2960 Path Traversal Vulnerability

DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from DrayTek, China. A path traversal vulnerability exists in the DrayTek Vigor2960 version 1.5.1.4, which stems from a problem with the function sub1DA58 in the file mainfunction.cgi, which can lead to path traversal...

6.5 CVSS · 6.4 AI score · 0.01769 EPSS
Exploits 1 · References 4
CNNVD
added 2023/03/03 12:0 a.m. · 3 views

DrayTek Vigor2960 Command Injection Vulnerability

The DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from China's DrayTek. A command injection vulnerability exists in the DrayTek Vigor2960 version 1.5.1.4, which stems from a problem with the function sub1225C in the file mainfunction.cgi, which can lead to a command injection...

8.8 CVSS · 7.3 AI score · 0.26048 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/03/03 12:0 a.m. · 3 views

PT-2023-9806 · Draytek · Draytek Vigor

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor versions 1.5.1.4 through 1.5.1.5. Description: The issue is related to the function sub 1225C in the mainfunction.cgi script of the DrayTek Vigor web interface, where inadequate data cleaning on the management level can be...

9 CVSS · 7.5 AI score · 0.26048 EPSS
Exploits 1 · References 10
Positive Technologies
added 2023/03/03 12:0 a.m. · 4 views

PT-2023-9805 · Draytek · Draytek Vigor2960

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions 1.5.1.4 through 1.5.1.5. Description: A critical vulnerability has been found in the Web Management Interface of DrayTek Vigor 2960, specifically in the function getSyslogFile of the file mainfunction.cgi. The issue...

6.8 CVSS · 6.8 AI score · 0.01769 EPSS
Exploits 1 · References 8
CNVD
added 2022/03/30 12:0 a.m. · 26 views

DrayTek Vigor Remote Command Injection Vulnerability

DrayTek Vigor is a router. A remote command injection vulnerability exists in DrayTek Vigor, which can be exploited by attackers to allow a remote malicious user to execute arbitrary code via a crafted HTTP message containing a malformed query string in mainfunction.cgi...

9.8 CVSS · 7.1 AI score · 0.34845 EPSS
Exploits 1 · References 1
OSV
added 2022/03/29 8:15 p.m. · 5 views

CVE-2021-42911

A Format String vulnerability exists in DrayTek Vigor 2960 = 1.5.1.3, DrayTek Vigor 3900 = 1.5.1.3, and DrayTek Vigor 300B = 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code...

9.8 CVSS · 7.5 AI score · 0.03302 EPSS
Exploits 1 · References 1
NVD
added 2022/03/29 8:15 p.m. · 17 views

CVE-2021-43118

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code...

9.8 CVSS · 0.34845 EPSS
Exploits 1 · References 1
Prion
added 2022/03/29 8:15 p.m. · 18 views

Format string

A Format String vulnerability exists in DrayTek Vigor 2960 = 1.5.1.3, DrayTek Vigor 3900 = 1.5.1.3, and DrayTek Vigor 300B = 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code...

7.5 CVSS · 9.4 AI score · 0.03302 EPSS
Exploits 1 · References 1 · Affected Software 3
CNNVD
added 2022/03/29 12:0 a.m. · 3 views

Command Injection Vulnerability in Multiple DrayTek Vigor Products

DrayTek Vigor is a router. A remote command injection vulnerability exists in DrayTek Vigor, which can be exploited by attackers to allow a remote malicious user to execute arbitrary code via a crafted HTTP message containing a malformed query string in mainfunction.cgi...

9.8 CVSS · 6.3 AI score · 0.34845 EPSS
Exploits 1 · References 2
Positive Technologies
added 2021/07/21 12:0 a.m. · 3 views

PT-2021-8205 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 version 1.5.1.3; DrayTek Vigor 3900 version 1.5.1.3; DrayTek Vigor 300B version 1.5.1.3. Description: A Remote Command Injection issue exists in the mainfunction.cgi script of the DrayTek Vigor web interface due to inadequate...

10 CVSS · 8.6 AI score · 0.34845 EPSS
Exploits 1 · References 6
Positive Technologies
added 2021/07/21 12:0 a.m. · 5 views

PT-2021-8206 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions 1.5.1.3 and earlier; DrayTek Vigor 3900 versions 1.5.1.3 and earlier; DrayTek Vigor 300B versions 1.5.1.3 and earlier. Description: The issue is related to a Format String vulnerability in the mainfunction.cgi file of...

10 CVSS · 7.5 AI score · 0.03302 EPSS
Exploits 1 · References 6
OSV
added 2020/12/31 2:15 a.m. · 2 views

CVE-2020-19664

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...

8.8 CVSS · 7.4 AI score · 0.05306 EPSS
Exploits 1 · References 3
NVD
added 2020/12/31 2:15 a.m. · 22 views

CVE-2020-19664

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...

8.8 CVSS · 8.8 AI score · 0.05306 EPSS
Exploits 1 · References 3
Prion
added 2020/12/31 2:15 a.m. · 16 views

Design/Logic Flaw

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...

6.5 CVSS · 8.7 AI score · 0.05306 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2020/12/31 1:23 a.m. · 27 views

CVE-2020-19664

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...

8.8 AI score · 0.05306 EPSS
Exploits 1 · References 3
CNNVD
added 2020/12/31 12:0 a.m. · 4 views

Draytek Vigor2960 Parameter Injection Vulnerability

The Draytek Vigor2960 is a load balancing router and VPN gateway appliance from Draytek Taiwan, China. A parameter injection vulnerability exists in the DrayTek Vigor2960 1.5.1, which allows remote command execution via toLogin2FA action to mainfunction.cgi...

8.8 CVSS · 6 AI score · 0.05306 EPSS
Exploits 1 · References 3
OSV
added 2020/06/24 5:15 p.m. · 3 views

CVE-2020-14472

On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file...

9.8 CVSS · 7.3 AI score · 0.02931 EPSS
Exploits 1 · References 2