Filtered by vendor Draytek
Subscribe
Total
134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3040 | 1 Draytek | 2 Vigor300b, Vigor300b Firmware | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor confirms that "300B is EoL, and this is an authenticated vulnerability. We don't plan to fix it." This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-51304 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. | |||||
| CVE-2024-51301 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | |||||
| CVE-2024-51300 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | |||||
| CVE-2024-51299 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | |||||
| CVE-2024-51298 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. | |||||
| CVE-2024-51296 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | |||||
| CVE-2024-51260 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. | |||||
| CVE-2024-51259 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. | |||||
| CVE-2024-51258 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | |||||
| CVE-2024-51257 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | |||||
| CVE-2024-51255 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. | |||||
| CVE-2024-51254 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. | |||||
| CVE-2024-51253 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. | |||||
| CVE-2024-51252 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. | |||||
| CVE-2024-51251 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. | |||||
| CVE-2024-51249 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. | |||||
| CVE-2024-51248 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. | |||||
| CVE-2024-51247 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | |||||
| CVE-2024-51246 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2026-06-17 | N/A | 8.0 HIGH |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. | |||||