DrayTek Vigor 3900 安全漏洞

The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3 that originates from the ability to inject commands into mainfunction.cgi and execute arbitrary code in the ldapsearchdn function...

DrayTek Vigor 3900 安全漏洞

The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited to inject commands into mainfunction.cgi and execute arbitrary code in the doCertificate function...

DrayTek Vigor 3900 安全漏洞

The DrayTek Vigor 3900 is a high performance router for enterprise networks from DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3 that originates from the ability to inject commands into mainfunction.cgi and execute arbitrary code in the doGRETunnel function...

CVE-2024-51257

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...

CVE-2024-51300

CVE-2024-51300 affects Draytek Vigor3900, firmware version 1.5.1.3. Multiple sources confirm an authentication-agnostic command-injection in the web-facing CGI endpoint: attackers can inject commands into mainfunction.cgi and trigger execution of arbitrary commands by invoking the get_rrd functio...

CVE-2024-51300

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getrrd function...

CVE-2024-51301

DrayTek Vigor3900 (firmware 1.5.1.3) is affected by CVE-2024-51301. The issue allows an attacker to inject commands into mainfunction.cgi and execute arbitrary commands via the packet_monitor function, constituting remote code execution over the network. The vulnerability affects the mainfunction...

CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

PT-2024-7998 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename table function. This is due to the lack of measures to neutraliz...

PT-2024-7997 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the doIPSec function in the mainfunction.cgi file of the DrayTek Vigor 3900 router'...

PT-2024-7995 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command in the restore function of the mainfunction.cgi file in the DrayTek Vigor 3900 router'...

CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

PT-2024-8828 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the doPPPo function in the mainfunction.cgi script of the DrayTek Vigor 3900 router...

CVE-2024-48153

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...

CVE-2024-48153

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...

PT-2024-33007 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get subconfig function. Recommendations: For DrayTek Vigor3900 version...

CVE-2024-48153

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the getsubconfig function...

CVE-2024-48153

DrayTek Vigor3900 firmware 1.5.1.3 contains a command-injection vulnerability in mainfunction.cgi via the get_subconfig function, enabling an attacker to execute arbitrary commands with network access. Impact per CVSS shows high confidentiality, integrity, and availability implications (CVSS‑3.1:...

CVE-2024-46316

DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message...