Filtered by vendor Draytek Subscriptions
Filtered by product Vigor3900 Firmware Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-51257 1 Draytek 1 Vigor3900 Firmware 2024-11-01 8.8 High
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
CVE-2024-51258 1 Draytek 1 Vigor3900 Firmware 2024-11-01 8.8 High
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
CVE-2024-48153 1 Draytek 1 Vigor3900 Firmware 2024-10-17 9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
CVE-2024-46316 1 Draytek 1 Vigor3900 Firmware 2024-10-10 8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.
CVE-2024-44844 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2024-09-11 8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVE-2024-44845 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2024-09-11 8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVE-2024-43027 1 Draytek 3 Vigor2960 Firmware, Vigor300b Firmware, Vigor3900 Firmware 2024-08-23 8 High
DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.