CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function...

CVE-2024-51251

Summary: CVE-2024-51251 affects DrayTek Vigor3900 firmware 1.5.1.3. The vulnerability allows an attacker to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. Affected product: DrayTek Vigor3900 (firmware 1.5.1.3). Root cause / vector: W...

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 is affected by a post-authentication command injection in cgi-bin/mainfunction.cgi when action=delete_wlan_profile is used. The vulnerability allows arbitrary commands with low privileges after authentication, impacting confidentiality, integrity, and availability (CVSS ...

PT-2024-34576 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. This enables the execution of commands without proper...

CVE-2024-51249

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function...

CVE-2024-51249

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function...

CVE-2024-45893

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMOption...

CVE-2024-51246

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function...

CVE-2024-45889

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to commandTable...

CVE-2024-45887

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...

CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function...

CVE-2024-51246

CVE-2024-51246 affects Draytek Vigor3900, specifically version 1.5.1.3. Attackers can inject commands into mainfunction.cgi and execute arbitrary commands via the doPPTP function, per multiple sources. The vulnerability is described across NVD/CVE records and connected feeds as an arbitrary comma...

PT-2024-31840 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue is a post-authentication command injection problem. It occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to delete wlan profile. Recommendations: For...

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

CVE-2024-51247

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function...

CVE-2024-51245

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the renametable function...

CVE-2024-51248

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function...

CVE-2024-51244

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function...

CVE-2024-51245

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the renametable function...