CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

PT-2024-31841 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection vulnerability. This occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to setSWMOption. Recommendations: For...

The vulnerability of the doPPPoE function in the cgi-bin/mainfunction.cgi file of the DrayTek Vigor 2960 router’s microprogramming system allows a hacker to execute arbitrary code.

The vulnerability of the doPPPoE function in the cgi-bin/mainfunction.cgi file of the DrayTek Vigor 2960 router microprogramming system exists due to the failure to take measures to neutralize special commands used in the operating system commands. Exploiting this vulnerability allows a remote...

The vulnerability of the component cgi-bin/mainfunction.cgi/cvmcfgupload in the microprogramming software for DrayTek Vigor allows a hacker to execute arbitrary code.

The vulnerability of the cgi-bin/mainfunction.cgi/cvmcfgupload component of DrayTek Vigor routing software exists due to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2020-8515

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...