Shodan
Vulnerabilities
Vulnerable Software
Draytek:  >> Vigor3900 Firmware  Security Vulnerabilities
CVE-2024-51254
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-31
CVE-2024-51259
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-31
CVE-2024-51258
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-30
CVE-2024-51257
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-30
CVE-2024-51296
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-30
CVE-2024-51298
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-30
CVE-2024-51299
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-30
CVE-2024-51300
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-30
CVE-2024-51301
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-30
CVE-2024-51304
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved