
39 matches found

EUVD
added 2026/05/08 3:31 p.m. · 8 views

EUVD-2022-55966

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

9.2 CVSS · 6.6 AI score · 0.00208 EPSS
Exploits 0 · References 4

NVD
added 2026/05/08 1:16 p.m. · 8 views

CVE-2022-50994

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

9.2 CVSS · 0.00208 EPSS
Exploits 0 · References 3

CVE
added 2026/05/08 12:35 p.m. · 26 views

CVE-2022-50994

The affected product is DrayTek Vigor 2960 with firmware versions prior to 1.5.1.4. The vulnerability is an OS command injection in the CGI login handler, exploitable by an unauthenticated remote attacker who injects shell metacharacters into the formpassword parameter; the input reaches the otp_...

9.2 CVSS · 6.6 AI score · 0.00208 EPSS
Exploits 0 · References 3

Vulnrichment
added 2026/05/08 12:35 p.m. · 6 views

CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

9.2 CVSS · 6.6 AI score · 0.00208 EPSS
Exploits 0 · References 3

Cvelist
added 2026/05/08 12:35 p.m. · 25 views

CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

9.2 CVSS · 0.00208 EPSS
Exploits 0 · References 3

Positive Technologies
added 2026/05/08 12:0 a.m. · 18 views

PT-2026-38912

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 versions prior to 1.5.1.4. Description: An OS command injection issue exists in the CGI login handler. Unauthenticated remote attackers can execute arbitrary commands with web server privileges by injecting shell metacharacter...

9.2 CVSS · 6.1 AI score · 0.00208 EPSS
Exploits 0 · References 5

CNNVD
added 2026/05/08 12:0 a.m. · 5 views

DrayTek Vigor 2960 OS Command Injection Vulnerability

The DrayTek Vigor 2960 is a router product developed by DrayTek Corporation. Versions prior to 1.5.1.4 of the DrayTek Vigor 2960 contained an operating system command injection vulnerability. This vulnerability stemmed from issues with OS command injection in the CGI login processing mechanism. I...

9.2 CVSS · 6.4 AI score · 0.00208 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 2:58 a.m. · 3 views

CVE-2023-1162

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injectio...

8.8 CVSS · 7.8 AI score · 0.24315 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 2:32 a.m. · 3 views

CVE-2023-1163

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option...

6.5 CVSS · 7.4 AI score · 0.00893 EPSS
Exploits 1 · References 1

BDU FSTEC
added 2024/11/02 12:0 a.m. · 1 views

The vulnerability of the doPPPoE function in the cgi-bin/mainfunction.cgi file of the DrayTek Vigor 2960 router’s microprogramming system allows a hacker to execute arbitrary code.

The vulnerability of the doPPPoE function in the cgi-bin/mainfunction.cgi file of the DrayTek Vigor 2960 router microprogramming system exists due to the failure to take measures to neutralize special commands used in the operating system commands. Exploiting this vulnerability allows a remote...

8 CVSS · 6 AI score · 0.0021 EPSS
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/10/28 12:0 a.m. · 3 views

DrayTek Vigor 2960 Security Vulnerability

The DrayTek Vigor 2960 is a dual WAN broadband router/VPN gateway from China DrayTek. A security vulnerability exists in the DrayTek Vigor 2960 version 1.4.4, which stems from an authorized remote code execution vulnerability that results in malicious commands that can be executed by system...

8 CVSS · 8.2 AI score · 0.0021 EPSS
Exploits 1 · References 1

CNNVD
added 2024/08/21 12:0 a.m. · 3 views

DrayTek Vigor Multiple Products Security Vulnerability

DrayTek Vigor 3900 and others are products of China DrayTek. DrayTek Vigor 3900 is a broadband router/VPN gateway device. DrayTek Vigor 2960 is a dual-WAN broadband router/VPN gateway. DrayTek Vigor 300B is a Quad-WAN load balanced broadband router running on DrayTek Vigor 300B is a Quad-WAN...

8 CVSS · 7.8 AI score · 0.00698 EPSS
Exploits 1 · References 2

CVE
added 2024/08/21 12:0 a.m. · 68 views

CVE-2024-43027

Affected products: DrayTek Vigor 3900, 2960, and 300B with versions prior to 1.5.1.5_Beta. Vulnerability: command injection via the action parameter in cgi-bin/mainfunction.cgi, as reported by multiple sources. Root cause: input in the action parameter allows execution of arbitrary commands on th...

8 CVSS · 8.1 AI score · 0.00698 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2024/08/21 12:0 a.m. · 27 views

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

8 AI score · 0.00698 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/08/21 12:0 a.m. · 3 views

PT-2024-30260 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 versions prior to v1.5.1.5 Beta; DrayTek Vigor 2960 versions prior to v1.5.1.5 Beta; DrayTek Vigor 300B versions prior to v1.5.1.5 Beta. Description: A command injection vulnerability was discovered via the action parameter at...

8 CVSS · 7.4 AI score · 0.00698 EPSS
Exploits 1 · References 6

Cvelist
added 2024/08/21 12:0 a.m. · 18 views

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

0.00698 EPSS
Exploits 1 · References 1

The Hacker News
added 2023/03/06 2:18 p.m. · 2 views

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access...

6.9 AI score
Exploits 0

OSV
added 2023/03/03 7:15 a.m. · 2 views

CVE-2023-1162

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injectio...

8.8 CVSS · 5.5 AI score
Exploits 0 · References 3

NVD
added 2023/03/03 7:15 a.m. · 10 views

CVE-2023-1162

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injectio...

8.8 CVSS · 8 AI score · 0.24315 EPSS
Exploits 1 · References 3

NVD
added 2023/03/03 7:15 a.m. · 9 views

CVE-2023-1163

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option...

6.5 CVSS · 6.5 AI score · 0.00893 EPSS
Exploits 1 · References 3