fu37kola/cve

GitHub

github.com

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

Stars2

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-45885 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`
CVE-2024-45887 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
CVE-2024-45888 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'
CVE-2024-45889 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`
CVE-2024-45890 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
CVE-2024-45891 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.`
CVE-2024-45893 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`
CVE-2024-45882 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`
CVE-2024-45884 ↗	Nov 4, 2024Monday, 4 November 2024, 15:15	8 HIGH	—
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
CVE-2024-51249 ↗	Nov 4, 2024Monday, 4 November 2024, 14:15	8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.
CVE-2024-51246 ↗	Nov 4, 2024Monday, 4 November 2024, 14:15	8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.
CVE-2024-51253 ↗	Nov 4, 2024Monday, 4 November 2024, 14:15	8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.
CVE-2024-51251 ↗	Nov 4, 2024Monday, 4 November 2024, 14:15	8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.
CVE-2024-51252 ↗	Nov 1, 2024Friday, 1 November 2024, 18:15	9.8 CRITICAL	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVE-2024-51244 ↗	Nov 1, 2024Friday, 1 November 2024, 17:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVE-2024-51245 ↗	Nov 1, 2024Friday, 1 November 2024, 17:15	8.8 HIGH	—
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVE-2024-51247 ↗	Nov 1, 2024Friday, 1 November 2024, 17:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
CVE-2024-51248 ↗	Nov 1, 2024Friday, 1 November 2024, 17:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
CVE-2024-51260 ↗	Oct 31, 2024Thursday, 31 October 2024, 16:15	9.8 CRITICAL	—
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVE-2024-51255 ↗	Oct 31, 2024Thursday, 31 October 2024, 16:15	9.8 CRITICAL	—
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
CVE-2024-51254 ↗	Oct 31, 2024Thursday, 31 October 2024, 14:15	8.8 HIGH	—
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVE-2024-51259 ↗	Oct 31, 2024Thursday, 31 October 2024, 14:15	9.8 CRITICAL	—
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
CVE-2024-51258 ↗	Oct 30, 2024Wednesday, 30 October 2024, 17:15	8.8 HIGH	—
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
CVE-2024-51299 ↗	Oct 30, 2024Wednesday, 30 October 2024, 14:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
CVE-2024-51257 ↗	Oct 30, 2024Wednesday, 30 October 2024, 14:15	8.8 HIGH	—
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
CVE-2024-51296 ↗	Oct 30, 2024Wednesday, 30 October 2024, 14:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
CVE-2024-51298 ↗	Oct 30, 2024Wednesday, 30 October 2024, 14:15	9.8 CRITICAL	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
CVE-2024-51300 ↗	Oct 30, 2024Wednesday, 30 October 2024, 14:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
CVE-2024-51301 ↗	Oct 30, 2024Wednesday, 30 October 2024, 14:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
CVE-2024-51304 ↗	Oct 30, 2024Wednesday, 30 October 2024, 13:15	8.8 HIGH	—
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
CVE-2024-48168 ↗	Oct 14, 2024Monday, 14 October 2024, 17:15	9.8 CRITICAL	—
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.
CVE-2024-48150 ↗	Oct 14, 2024Monday, 14 October 2024, 16:15	9.8 CRITICAL	—
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.