PT-2024-34577 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into "mainfunction.cgi" and execute arbitrary commands by calling the sign cacertificate function. This is a command injection vulnerabilit...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the signcacertificate...

CVE-2024-51258

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function...

CVE-2024-51298

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function...

CVE-2024-51301

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packetmonitor function...

CVE-2024-51257

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...

CVE-2024-51257

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...

CVE-2024-51300

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getrrd function...

CVE-2024-51300

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getrrd function...

CVE-2024-51299

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function...

CVE-2024-51296

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function...

CVE-2024-51301

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packetmonitor function...

CVE-2024-51298

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function...

CVE-2024-51304

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldapsearchdn function...

CVE-2024-51257

Vulnerable product: DrayTek Vigor3900 firmware 1.5.1.3. Issue: mainfunction.cgi accepts input via doCertificate, enabling attackers to inject commands and achieve arbitrary command execution. Root cause: insecure handling in the doCertificate path leading to remote code execution. Impact: high-se...

CVE-2024-51258

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function...

CVE-2024-51301

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packetmonitor function...

CVE-2024-51258

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function...

PT-2024-34579 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. Recommendations: For DrayTek Vigor3900 version...

CVE-2024-51296

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function...