CVE-2024-51298

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function...

CVE-2024-51298

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function...

CVE-2024-51298

DrayTek Vigor3900 firmware 1.5.1.3 exposes a command-injection in mainfunction.cgi via the doGRETunnel function, enabling arbitrary code execution over the network (CVE-2024-51298). Impact is high (remote, unauthenticated, total compromise) per CVSS 3.1 metrics. Mitigation/workaround from PT-2024...

CVE-2024-51298

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function...

PT-2024-34588 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. Recommendations: For Draytek Vigor3900 version...

DrayTek Vigor 3900 安全漏洞

The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3 that originates from the ability to inject commands into mainfunction.cgi and execute arbitrary code in the doGRETunnel function...