Lucene search
K

12 matches found

NVD
NVD
added 2024/11/04 3:15 p.m.107 views

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

8CVSS0.01291EPSS
Exploits0References2
NVD
NVD
added 2024/11/04 3:15 p.m.13 views

CVE-2024-45882

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletemapprofile...

8CVSS0.01514EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.27 views

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

0.01977EPSS
Exploits0References2
CVE
CVE
added 2024/11/04 12:0 a.m.55 views

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 is affected by a post-authentication command injection in cgi-bin/mainfunction.cgi when action=delete_wlan_profile is used. The vulnerability allows arbitrary commands with low privileges after authentication, impacting confidentiality, integrity, and availability (CVSS ...

8CVSS7.4AI score0.01291EPSS
In wildExploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.11 views

PT-2024-31835 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection problem. It occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to setSWMGroup. This allows for potential comma...

8CVSS7.4AI score0.02081EPSS
Exploits0References6
CVE
CVE
added 2024/11/04 12:0 a.m.54 views

CVE-2024-45893

DrayTek Vigor3900, firmware 1.5.1.3, contains a post-authentication command injection vulnerability in CGI path cgi-bin/mainfunction.cgi when the action parameter is set to setSWMOption. This affects the device as described in multiple sources (CVE-2024-45893, Red Hat, NVD, CVE databases) and sho...

8CVSS7AI score0.01594EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/11/04 12:0 a.m.65 views

CVE-2024-45890

CVE-2024-45890 affects DrayTek Vigor3900 (version 1.5.1.3). The vulnerability is a post-authentication command injection caused by lack of neutralization of certain characters in the action parameter to cgi-bin/mainfunction.cgi when action equals download_ovpn. Impact is high (remote command exec...

8CVSS7.4AI score0.02081EPSS
In wildExploits0References2Affected Software1
NVD
NVD
added 2024/10/28 12:15 p.m.15 views

CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

8CVSS0.00653EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/28 12:0 a.m.15 views

CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

0.00653EPSS
Exploits1References2
NVD
NVD
added 2024/08/21 4:15 p.m.40 views

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

8CVSS0.01297EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/02/01 12:36 p.m.37 views

CVE-2020-8515

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...

9.8AI score0.99993EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 2020/02/01 12:0 a.m.83 views

CVE-2020-8515

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. Recent...

10CVSS9.7AI score0.99993EPSS
In wildExploits7References5
Rows per page
Query Builder