560 matches found
EUVD-2022-55966
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
CVE-2022-50994
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
CVE-2022-50994
The affected product is DrayTek Vigor 2960 with firmware versions prior to 1.5.1.4. The vulnerability is an OS command injection in the CGI login handler, exploitable by an unauthenticated remote attacker who injects shell metacharacters into the formpassword parameter; the input reaches the otp_...
CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
DrayTek Vigor 2960 操作系统命令注入漏洞
The DrayTek Vigor 2960 is a router product developed by DrayTek Corporation. Versions prior to 1.5.1.4 of the DrayTek Vigor 2960 contained an operating system command injection vulnerability. This vulnerability stemmed from issues with OS command injection in the CGI login processing mechanism. I...
CVE-2026-3040
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...
CVE-2026-3040
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...
CVE-2026-3040
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...
CVE-2026-3040
CVE-2026-3040 affects DrayTek Vigor 300B (up to version 1.5.1.6) in the Web Management Interface, specifically the cgiGetFile function in /cgi-bin/mainfunction.cgi/uploadlangs. The File argument manipulation leads to OS command injection. Reports indicate remote initiation is possible and that an...
CVE-2026-3040
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...
CVE-2026-3040 DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...
CVE-2026-3040 DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...
DrayTek Vigor 300B 操作系统命令注入漏洞
The DrayTek Vigor 300B is a Quad-WAN load balancing broadband router operated on Linux systems by DrayTek Corporation. Versions of the DrayTek Vigor 300B prior to 1.5.1.6 contained an operating system command injection vulnerability. This vulnerability stemmed from improper handling of parameters...
PT-2026-21570
Name of the Vulnerable Software and Affected Versions DrayTek Vigor 300B versions up to 1.5.1.6 Description A flaw exists in DrayTek Vigor 300B that allows for operating system command injection. This issue is located within the cgiGetFile function of the /cgi-bin/mainfunction.cgi/uploadlangs fil...
CVE-2020-10823
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 1 of 3...
EUVD-2017-3261
Malware in sbrugna...
EUVD-2020-3231
Malware in sbrugna...
EUVD-2024-41901
Malicious code in bioql PyPI...
EUVD-2024-41888
Malicious code in bioql PyPI...