Draytek: >> Vigor3900 Firmware >> 1.5.1.6 Security Vulnerabilities
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.
CVSS Score
8.0
EPSS Score
0.011
Published
2024-10-09
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVSS Score
8.8
EPSS Score
0.059
Published
2024-09-06
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVSS Score
8.8
EPSS Score
0.059
Published
2024-09-06