CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51254
https://notcve.org/view.php?id=CVE-2024-51254
31 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51255
https://notcve.org/view.php?id=CVE-2024-51255
31 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51259
https://notcve.org/view.php?id=CVE-2024-51259
31 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51260
https://notcve.org/view.php?id=CVE-2024-51260
31 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51257
https://notcve.org/view.php?id=CVE-2024-51257
30 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. DrayTek Vigor3900 1.5.1.3 permite a los atacantes inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función doCertificate. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51258
https://notcve.org/view.php?id=CVE-2024-51258
30 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. DrayTek Vigor3900 1.5.1.3 permite a los atacantes inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función doSSLTunnel. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51296
https://notcve.org/view.php?id=CVE-2024-51296
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función pingtrace. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51298
https://notcve.org/view.php?id=CVE-2024-51298
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función doGRETunnel. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51299
https://notcve.org/view.php?id=CVE-2024-51299
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función dumpSyslog. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51300
https://notcve.org/view.php?id=CVE-2024-51300
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función get_rrd. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •