CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43118

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.384

EPSS Ranking 97.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2021-43118

Draytek » Vigor2960 » Version: N/A

cpe:2.3:h:draytek:vigor2960:-
Draytek » Vigor300b » Version: N/A

cpe:2.3:h:draytek:vigor300b:-
Draytek » Vigor3900 » Version: N/A

cpe:2.3:h:draytek:vigor3900:-
Draytek » Vigor2960 Firmware » Version: 1.5.1.3

cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.3
Draytek » Vigor300b Firmware » Version: 1.5.1.3

cpe:2.3:o:draytek:vigor300b_firmware:1.5.1.3
Draytek » Vigor3900 Firmware » Version: 1.5.1.3

cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43118

Products

Pricing

Contact Us