CVE-2024-51251

Summary: CVE-2024-51251 affects DrayTek Vigor3900 firmware 1.5.1.3. The vulnerability allows an attacker to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. Affected product: DrayTek Vigor3900 (firmware 1.5.1.3). Root cause / vector: W...

CVE-2024-45887

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...

CVE-2024-51253

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function...

PT-2024-34572 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into "mainfunction.cgi" and execute arbitrary commands by calling the doPPTP function. Recommendations: For Draytek Vigor3900 version...

PT-2024-34576 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. This enables the execution of commands without proper...

CVE-2024-51246

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function...

PT-2024-31835 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection problem. It occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to setSWMGroup. This allows for potential comma...

CVE-2024-51249

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. The vulnerability can be exploited to execute arbitrary commands by injecting malicious commands into mainfunction.cgi and calling...

PT-2024-31840 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection problem. It occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to delete wlan profile. Recommendations: For...

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

CVE-2024-51246

CVE-2024-51246 affects Draytek Vigor3900, specifically version 1.5.1.3. Attackers can inject commands into mainfunction.cgi and execute arbitrary commands via the doPPTP function, per multiple sources. The vulnerability is described across NVD/CVE records and connected feeds as an arbitrary comma...

PT-2024-31837 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: A command injection issue occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to 'set ap map config'. This allows for potential command injection attacks...

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

CVE-2024-45893

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMOption...

CVE-2024-45889

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to commandTable...

PT-2024-34573 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. This enables remote reboot and potentially other...

CVE-2024-45893

DrayTek Vigor3900, firmware 1.5.1.3, contains a post-authentication command injection vulnerability in CGI path cgi-bin/mainfunction.cgi when the action parameter is set to setSWMOption. This affects the device as described in multiple sources (CVE-2024-45893, Red Hat, NVD, CVE databases) and sho...

CVE-2024-45884

DrayTek Vigor3900 firmware 1.5.1.3 is affected by a post-authentication command-injection vulnerability. The flaw occurs when the action parameter in /cgi-bin/mainfunction.cgi is set to setSWMGroup, allowing potentially arbitrary commands to be executed after authentication. CVSS v3.1: AV Adjacen...

CVE-2024-45890

CVE-2024-45890 affects DrayTek Vigor3900 (version 1.5.1.3). The vulnerability is a post-authentication command injection caused by lack of neutralization of certain characters in the action parameter to cgi-bin/mainfunction.cgi when action equals download_ovpn. Impact is high (remote command exec...