Vigor3900 Firmware

vigor3900_firmware

Vendor: Draytek • 48 CVEs

CVEs (48)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45893 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVE-2024-45891 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVE-2024-45890 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVE-2024-45889 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVE-2024-45888 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVE-2024-45887 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
CVE-2024-45885 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVE-2024-45884 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVE-2024-45882 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
CVE-2024-51253 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVE-2024-51251 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVE-2024-51249 1Draytek 1Vigor3900 Firmware Apr 11, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-51246 1Draytek 1Vigor3900 Firmware Apr 11, 2025 Nov 4, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-51252 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVE-2024-51248 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVE-2024-51247 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
CVE-2024-51245 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVE-2024-51244 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVE-2024-51260 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVE-2024-51255 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 31, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.

12 3 Next