Shodan
Vulnerabilities
Vulnerable Software
Draytek:  >> Vigor3900 Firmware  Security Vulnerabilities
CVE-2024-51249
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-11-04
CVE-2024-51251
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-11-04
CVE-2024-51253
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-11-04
CVE-2024-51252
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-11-01
CVE-2024-51244
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-11-01
CVE-2024-51245
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-11-01
CVE-2024-51247
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-11-01
CVE-2024-51248
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-11-01
CVE-2024-51255
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-31
CVE-2024-51260
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved