VulnCheck KEV: CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software lies in the issue of buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code during the processing of the formuserphonenumber parameter...

The vulnerability in the mainfunction.cgi web interface of the DrayTek Vigor router software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgi web interface of the DrayTek Vigor router software exists due to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows an attacker to execute arbitrary commands during the processing of parameters...

The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software system involves the use of uncontrolled format strings. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of the sub_1225C function in the mainfunction.cgi web interface of the DrayTek Vigor router software allows a hacker to execute arbitrary commands.

The vulnerability of function sub1225C in the mainfunction.cgi web interface of the DrayTek Vigor router software lies in the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2024-45890

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to downloadovpn...

CVE-2024-45889

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to commandTable...

CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

CVE-2024-45893

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMOption...

CVE-2024-45882

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletemapprofile...

CVE-2024-51246

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function...

PT-2024-31838 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection vulnerability. It occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to commandTable. This vulnerability happe...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can exploit this vulnerability to inject malicious commands into mainfunction.cgi and execute arbitrary commands by...

PT-2024-31841 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection vulnerability. This occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to setSWMOption. Recommendations: For...

The vulnerability of the doPPPoE function in the cgi-bin/mainfunction.cgi file of the DrayTek Vigor 2960 router’s microprogramming system allows a hacker to execute arbitrary code.

The vulnerability of the doPPPoE function in the cgi-bin/mainfunction.cgi file of the DrayTek Vigor 2960 router microprogramming system exists due to the failure to take measures to neutralize special commands used in the operating system commands. Exploiting this vulnerability allows a remote...

DrayTek Vigor 3900 安全漏洞

The DrayTek Vigor 3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited by an attacker to execute arbitrary commands by injecting malicious commands into mainfunction.cg...

CVE-2024-51259

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setupcacertificate function...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high-performance router for enterprise networks from China DrayTek DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the...