OpenCVE

Filtered by vendor Draytek Subscriptions

Filtered by product Vigor3900 Firmware Subscriptions

Total 47 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-45888	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVE-2024-45889	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVE-2024-45890	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVE-2024-45891	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVE-2024-51246	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-45893	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVE-2024-51249	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-51251	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVE-2024-45885	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVE-2024-45884	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVE-2024-51253	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVE-2024-51301	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
CVE-2024-51254	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVE-2024-51296	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
CVE-2024-51255	1 Draytek	1 Vigor3900 Firmware	2024-11-01	9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
CVE-2024-51260	1 Draytek	1 Vigor3900 Firmware	2024-11-01	9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVE-2024-51259	1 Draytek	1 Vigor3900 Firmware	2024-11-01	9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
CVE-2024-51299	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
CVE-2024-51300	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
CVE-2024-51304	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.

« first previous Page 2 of 3. next last »