CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Draytek: >> Vigor300b Firmware >> 1.5.1.1 Security Vulnerabilities

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

CVSS Score

8.0

EPSS Score

0.028

Published

2024-08-21

CVE-2021-42911

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.

CVSS Score

9.8

EPSS Score

0.125

Published

2022-03-29

Page 1

Vulnerabilities

Vulnerable Software

Draytek: >> Vigor300b Firmware >> 1.5.1.1 Security Vulnerabilities

Products

Pricing

Contact Us