OpenCVE

Filtered by vendor Draytek Subscriptions

Total 124 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-51248	1 Draytek	2 Vigor3900, Vigor3900 Firmware	2024-11-05	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVE-2024-51247	1 Draytek	2 Vigor3900, Vigor3900 Firmware	2024-11-05	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
CVE-2024-51245	1 Draytek	2 Vigor3900, Vigor3900 Firmware	2024-11-05	8 High
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVE-2024-51244	1 Draytek	2 Vigor3900, Vigor3900 Firmware	2024-11-05	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVE-2024-45891	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVE-2024-45887	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
CVE-2024-45893	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVE-2024-51253	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVE-2024-45890	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVE-2024-45885	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVE-2024-51249	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-45889	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVE-2024-51251	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVE-2024-45882	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
CVE-2024-51246	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-45888	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVE-2024-45884	1 Draytek	1 Vigor3900 Firmware	2024-11-04	8 High
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVE-2024-51300	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
CVE-2024-51304	1 Draytek	1 Vigor3900 Firmware	2024-11-01	8.8 High
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
CVE-2024-51259	1 Draytek	1 Vigor3900 Firmware	2024-11-01	9.8 Critical
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.

« first previous Page 3 of 7. next last »