OpenCVE

Filtered by vendor Draytek Subscriptions

Filtered by product Vigor3900 Firmware Subscriptions

Total 47 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-51258	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
CVE-2024-51257	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
CVE-2024-48153	1 Draytek	1 Vigor3900 Firmware	2024-10-17	9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
CVE-2024-46316	1 Draytek	1 Vigor3900 Firmware	2024-10-10	8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.
CVE-2024-44844	1 Draytek	2 Vigor3900, Vigor3900 Firmware	2024-09-11	8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVE-2024-44845	1 Draytek	2 Vigor3900, Vigor3900 Firmware	2024-09-11	8 High
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVE-2024-43027	1 Draytek	3 Vigor2960 Firmware, Vigor300b Firmware, Vigor3900 Firmware	2024-08-23	8 High
DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

« first previous Page 3 of 3.