CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51259
https://notcve.org/view.php?id=CVE-2024-51259
31 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51260
https://notcve.org/view.php?id=CVE-2024-51260
31 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51257
https://notcve.org/view.php?id=CVE-2024-51257
30 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. DrayTek Vigor3900 1.5.1.3 permite a los atacantes inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función doCertificate. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51258
https://notcve.org/view.php?id=CVE-2024-51258
30 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. DrayTek Vigor3900 1.5.1.3 permite a los atacantes inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función doSSLTunnel. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51296
https://notcve.org/view.php?id=CVE-2024-51296
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función pingtrace. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51299
https://notcve.org/view.php?id=CVE-2024-51299
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función dumpSyslog. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51300
https://notcve.org/view.php?id=CVE-2024-51300
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función get_rrd. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51301
https://notcve.org/view.php?id=CVE-2024-51301
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función packet_monitor. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51304
https://notcve.org/view.php?id=CVE-2024-51304
30 Oct 2024 — In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. En Draytek Vigor3900 1.5.1.3, los atacantes pueden inyectar comandos maliciosos en mainfunction.cgi y ejecutar comandos arbitrarios llamando a la función ldap_search_dn. • https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48153
https://notcve.org/view.php?id=CVE-2024-48153
14 Oct 2024 — DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. • https://github.com/tw11ty/CVE/blob/main/DrayTek/Vigor3900/Vigor3900%20command%20execution%20vulnerability.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •