Shodan
Vulnerabilities
Vulnerable Software
Draytek:  >> Vigor3900 Firmware  Security Vulnerabilities
CVE-2024-45885
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVSS Score
8.0
EPSS Score
0.042
Published
2024-11-04
CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
CVSS Score
8.0
EPSS Score
0.042
Published
2024-11-04
CVE-2024-45888
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVSS Score
8.0
EPSS Score
0.035
Published
2024-11-04
CVE-2024-45889
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVSS Score
8.0
EPSS Score
0.042
Published
2024-11-04
CVE-2024-45890
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVSS Score
8.0
EPSS Score
0.042
Published
2024-11-04
CVE-2024-45891
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVSS Score
8.0
EPSS Score
0.042
Published
2024-11-04
CVE-2024-45893
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVSS Score
8.0
EPSS Score
0.042
Published
2024-11-04
CVE-2024-45882
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
CVSS Score
8.0
EPSS Score
0.035
Published
2024-11-04
CVE-2024-45884
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVSS Score
8.0
EPSS Score
0.042
Published
2024-11-04
CVE-2024-51246
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved