5 matches found
The vulnerability of the doOpenVPN() function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers allows a hacker to execute arbitrary commands.
The vulnerability of the doOpenVPN function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers is related to the failure to eliminate the and & elements used in the operating system’s command when processing the action parameter. Exploiting this...
CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...
CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...
CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...
CVE-2024-45887
DrayTek Vigor3900 firmware 1.5.1.3 contains a post-authentication command injection in cgi-bin/mainfunction.cgi when action is set to doOpenVPN, enabling arbitrary command execution after login. Impact is described as high (complete compromise of confidentiality, integrity, and availability). Mit...