CVE-2024-51299

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function...

CVE-2024-51299

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function...

CVE-2024-51299

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function...

CVE-2024-51299

CVE-2024-51299 affects Draytek Vigor3900, version 1.5.1.3. The flaw allows an attacker to inject commands into mainfunction.cgi and execute arbitrary commands via the dumpSyslog function. Documented impact is high (remote network attack with full system compromise) with CVSS v3.1: AV:N/AC:L/PR:L/...

DrayTek Vigor 3900 安全漏洞

The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited to inject commands into mainfunction.cgi and execute arbitrary code in the dumpSyslog function...

CVE-2023-6265

UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported...

PT-2023-32582 · Draytek · Draytek Vigor2960

Name of the Vulnerable Software and Affected Versions: Draytek Vigor2960 versions 1.5.1.4 through 1.5.1.5 Description: The issue allows an authenticated attacker with access to the web management interface to delete arbitrary files via directory traversal. This is achieved through the...