cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-51245,https://securityvulnerability.io/vulnerability/CVE-2024-51245,Command Injection Vulnerability in DrayTek Vigor3900 by DrayTek,"A command injection vulnerability has been identified in the DrayTek Vigor3900 router, specifically in version 1.5.1.3. This flaw allows attackers to inject malicious commands into the mainfunction.cgi script. By exploiting the rename_table function, unauthorized users can execute arbitrary commands on the affected device, potentially compromising the system's security and integrity. Securing impacted systems is critical to prevent unauthorized access and ensure network safety.",Draytek,Vigor3900 Firmware,8.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-01T00:00:00.000Z,0
CVE-2024-51247,https://securityvulnerability.io/vulnerability/CVE-2024-51247,Remote Command Injection in Draytek Vigor3900,"A vulnerability exists in Draytek Vigor3900 version 1.5.1.3, where malicious actors can exploit the mainfunction.cgi component to inject harmful commands. By targeting the doPPPo function, attackers could execute arbitrary commands, potentially compromising the device's integrity and security. This flaw underscores the importance of timely security updates and proactive measures to safeguard networked devices.",Draytek,Vigor3900 Firmware,8.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-01T00:00:00.000Z,0
CVE-2024-51248,https://securityvulnerability.io/vulnerability/CVE-2024-51248,Command Injection Vulnerability in Draytek Vigor3900 by Draytek,"In Draytek Vigor3900 version 1.5.1.3, a security flaw allows attackers to inject malicious commands via the mainfunction.cgi script. This vulnerability primarily exploits the modifyrow function, which may lead to unauthorized execution of arbitrary commands on the affected system. Such exploits can have serious implications for system integrity and confidentiality, necessitating prompt remediation.",Draytek,Vigor3900 Firmware,8.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-01T00:00:00.000Z,0
CVE-2024-51252,https://securityvulnerability.io/vulnerability/CVE-2024-51252,Command Injection Vulnerability in Draytek Vigor3900,"A command injection vulnerability has been identified in Draytek Vigor3900 version 1.5.1.3. This issue allows remote attackers to inject malicious commands through the mainfunction.cgi interface, effectively enabling the execution of arbitrary commands by invoking the restore function. This exploitation may compromise the integrity and security of the affected device, presenting significant risks to network environments reliant on vulnerable versions of the product.",Draytek,Vigor3900 Firmware,9.8,CRITICAL,0.0011099999537691474,false,,false,false,false,,,false,false,,2024-11-01T00:00:00.000Z,0
CVE-2024-51244,https://securityvulnerability.io/vulnerability/CVE-2024-51244,Command Injection Vulnerability in Draytek Vigor3900 Router,"A vulnerability exists in Draytek Vigor3900 version 1.5.1.3 that allows attackers to perform command injection through the mainfunction.cgi script. By invoking the doIPSec function, malicious actors can inject and execute arbitrary commands on the affected device, potentially leading to unauthorized access and control over network operations. Users of this product are urged to review their security protocols and assess their exposure to this vulnerability.",Draytek,Vigor3900 Firmware,8.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-01T00:00:00.000Z,0
CVE-2024-44844,https://securityvulnerability.io/vulnerability/CVE-2024-44844,Vulnerability in DrayTek Vigor3900 Discovered,"An authenticated command injection vulnerability in DrayTek Vigor3900, version 1.5.1.6, allows an authenticated attacker to execute arbitrary commands on the system through improper handling of the name parameter in the run_command function. This security flaw could be exploited to manipulate the device's functionality, leading to unauthorized actions within the network.",DrayTek,Vigor3900 Firmware,8.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-09-06T21:15:00.000Z,0
CVE-2024-44845,https://securityvulnerability.io/vulnerability/CVE-2024-44845,Authenticated Command Injection Vulnerability in DrayTek Vigor3900 v1.5.1.6,"The DrayTek Vigor3900 is vulnerable to an authenticated command injection issue that arises from improper handling of user input, specifically through the value parameter in the filter_string function. This flaw can potentially allow an attacker with authenticated access to execute arbitrary commands on the device, leading to unauthorized actions and compromising the security of the network managed by the Vigor3900. Users of affected versions are advised to apply necessary security patches to mitigate the risks associated with this vulnerability.",DrayTek,Vigor3900 Firmware,8.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-09-06T21:15:00.000Z,0
CVE-2020-15415,https://securityvulnerability.io/vulnerability/CVE-2020-15415,Remote Command Execution Vulnerability in DrayTek Vigor Devices,"The DrayTek Vigor3900, Vigor2960, and Vigor300B devices prior to version 1.5.1 are susceptible to a remote command execution vulnerability. This issue occurs in the cgi-bin/mainfunction.cgi/cvmcfgupload functionality, where an attacker can exploit shell metacharacters in a filename when an improper content type, specifically text/x-python-script, is utilized. This vulnerability allows unauthorized individuals to execute arbitrary commands on the affected system, posing significant security risks.",Draytek,Vigor3900 Firmware,9.8,CRITICAL,0.9361699819564819,true,2024-09-30T00:00:00.000Z,false,false,true,2024-09-30T00:00:00.000Z,,false,false,,2020-06-30T13:37:56.000Z,0