DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high-performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 v1.5.1.6, which originates from the sub2C920 function on /cgi-bin/mainfunction.cgi contains a command injection vulnerability...

VulnCheck KEV: CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

DrayTek Vigor多款产品 安全漏洞

DrayTek Vigor 3900 and others are products of China DrayTek DrayTek.DrayTek Vigor 3900 is a broadband router/VPN gateway device.DrayTek Vigor 2960 is a dual-WAN broadband router/VPN gateway.DrayTek Vigor 300B is a Quad-WAN load balanced broadband router running on DrayTek Vigor 300B is a Quad-WAN...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

CVE-2023-6265

UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

PT-2023-9802 · Draytek · Draytek Vigor2960

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 version 1.5.1.4 Description: The issue allows an authenticated attacker with network access to the web management interface to inject operating system commands via the parameter parameter in the mainfunction.cgi component...

CVE-2023-24229

Summary: CVE-2023-24229 affects DrayTek Vigor2960 (v1.5.1.4). An authenticated attacker with network access to the device’s web management interface can inject operating system commands through the mainfunction.cgi parameter, enabling arbitrary command execution. This vulnerability exists in a de...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2023-24229

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

DrayTek Vigor2960 命令注入漏洞

The DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from China-based DrayTek. A command injection vulnerability exists in the DrayTek Vigor2960 v1.5.1.4, which stems from the presence of a command injection vulnerability via the mainfunction.cgi component...

PT-2023-9806 · Draytek · Draytek Vigor

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor versions 1.5.1.4 through 1.5.1.5 Description: The issue is related to the function sub 1225C in the mainfunction.cgi script of the DrayTek Vigor web interface, where inadequate data cleaning on the management level can be...

PT-2023-9805 · Draytek · Draytek Vigor2960

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions 1.5.1.4 through 1.5.1.5 Description: A critical vulnerability has been found in the Web Management Interface of DrayTek Vigor 2960, specifically in the function getSyslogFile of the file mainfunction.cgi. The issue...

DrayTek Vigor2960 路径遍历漏洞

DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from DrayTek, China. A path traversal vulnerability exists in the DrayTek Vigor2960 version 1.5.1.4, which stems from a problem with the function sub1DA58 in the file mainfunction.cgi, which can lead to path traversal...

DrayTek Vigor2960 命令注入漏洞

The DrayTek Vigor2960 is a dual WAN broadband router/VPN gateway from China's DrayTek. A command injection vulnerability exists in the DrayTek Vigor2960 version 1.5.1.4, which stems from a problem with the function sub1225C in the file mainfunction.cgi, which can lead to a command injection...

DrayTek Vigor Remote Command Injection Vulnerability

DrayTek Vigor is a router. A remote command injection vulnerability exists in DrayTek Vigor, which can be exploited by attackers to allow a remote malicious user to execute arbitrary code via a crafted HTTP message containing a malformed query string in mainfunction.cgi...