Shodan
Vulnerabilities
Vulnerable Software
Draytek:  Security Vulnerabilities
CVE-2024-51258
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-10-30
CVE-2024-51257
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-10-30
CVE-2024-51296
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-10-30
CVE-2024-51298
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-10-30
CVE-2024-51299
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-10-30
CVE-2024-51300
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-10-30
CVE-2024-51301
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-10-30
CVE-2024-51304
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-10-30
CVE-2024-48074
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.
CVSS Score
8.0
EPSS Score
0.006
Published
2024-10-28
CVE-2024-48153
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-10-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved