CVEDB API

Vulnerabilities

Vulnerable Software

Draytek: Security Vulnerabilities

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'

CVSS Score

8.0

EPSS Score

0.014

Published

2024-11-04

CVE-2024-45889

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`

CVSS Score

8.0

EPSS Score

0.019

Published

2024-11-04

CVE-2024-45890

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`

CVSS Score

8.0

EPSS Score

0.019

Published

2024-11-04

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`

CVSS Score

8.0

EPSS Score

0.019

Published

2024-11-04

CVE-2024-45893

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`

CVSS Score

8.0

EPSS Score

0.019

Published

2024-11-04

CVE-2024-45882

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`

CVSS Score

8.0

EPSS Score

0.014

Published

2024-11-04

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`

CVSS Score

8.0

EPSS Score

0.019

Published

2024-11-04

CVE-2024-51246

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.

CVSS Score

8.0

EPSS Score

0.003

Published

2024-11-04

CVE-2024-51249

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.

CVSS Score

8.0

EPSS Score

0.003

Published

2024-11-04

CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.

CVSS Score

8.0

EPSS Score

0.003

Published

2024-11-04

Prev Next

Page 2

Vulnerabilities

Vulnerable Software

Draytek: Security Vulnerabilities

Products

Pricing

Contact Us