CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...
CVE-2024-45889
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to commandTable...
PT-2024-31841 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection vulnerability. This occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to setSWMOption. Recommendations: For...
CVE-2024-45888
Vulnerability detail (CVE-2024-45888): A command-injection flaw affects DrayTek Vigor3900 running version 1.5.1.3. The issue arises when the parameter action in the endpoint cgi-bin/mainfunction.cgi is set to set_ap_map_config (as noted in the related PT-2024-31837 description). This can enable...
CVE-2024-45891
DrayTek Vigor3900 1.5.1.3 is affected by a post-authentication command injection in cgi-bin/mainfunction.cgi when action=delete_wlan_profile is used. The vulnerability allows arbitrary commands with low privileges after authentication, impacting confidentiality, integrity, and availability (CVSS ...
CVE-2024-45887
DrayTek Vigor3900 firmware 1.5.1.3 contains a post-authentication command injection in cgi-bin/mainfunction.cgi when action is set to doOpenVPN, enabling arbitrary command execution after login. Impact is described as high (complete compromise of confidentiality, integrity, and availability). Mit...
CVE-2024-45884
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...
CVE-2024-45888
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to set_ap_map_config...
CVE-2024-45893
DrayTek Vigor3900, firmware 1.5.1.3, contains a post-authentication command injection vulnerability in CGI path cgi-bin/mainfunction.cgi when the action parameter is set to setSWMOption. This affects the device as described in multiple sources (CVE-2024-45893, Red Hat, NVD, CVE databases) and sho...
CVE-2024-45890
CVE-2024-45890 affects DrayTek Vigor3900 (version 1.5.1.3). The vulnerability is a post-authentication command injection caused by lack of neutralization of certain characters in the action parameter to cgi-bin/mainfunction.cgi when action equals download_ovpn. Impact is high (remote command exec...
PT-2024-31835 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection problem. It occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to setSWMGroup. This allows for potential comma...
Exploit for OS Command Injection in Php
CVE-2024-4577 Overview CVE-2024-4577 is a security vulner...
A vulnerability in the doPPPoE function of the cgi-bin/mainfunction.cgi file in the DrayTek Vigor 2960 router firmware allows an attacker to execute arbitrary code.
The vulnerability in the doPPPoE function of the cgi-bin/mainfunction.cgi file in the DrayTek Vigor 2960 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote...
CVE-2024-51259
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setupcacertificate function...
A vulnerability in the /cgi-bin/v2x00.cgi and /cgi-bin/cgiwcg.cgi web interfaces of DrayTek Vigor software allows an attacker to execute arbitrary code or cause a denial of service.
The vulnerability in the /cgi-bin/v2x00.cgi and /cgi-bin/cgiwcg.cgi web interfaces of DrayTek Vigor router firmware is caused by copying buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2024-48074
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...
CVE-2024-48074
DrayTek Vigor2960 (v1.4.4) exposes an authorized RCE via the table parameter in the doPPPoE function (cgi-bin/mainfunction.cgi); an attacker can inject a command that is executed by the system function. Impact is high per CVSS metrics. Remediation/workaround from PT-2024-7515: temporarily disable...