CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-46316

DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.1%

CVSS Severity

CVSS v3 Score 8.0

References

https://github.com/glkfc/IoT-Vulnerability/blob/main/DaryTek/vigor3900_4.md

Products affected by CVE-2024-46316

Draytek » Vigor3900 » Version: N/A

cpe:2.3:h:draytek:vigor3900:-
Draytek » Vigor3900 Firmware » Version: 1.5.1.6

cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-46316

Products

Pricing

Contact Us