Vulnerabilities > Draytek > Vigor3900 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-01 | CVE-2024-51244 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. | 8.8 |
| 2024-11-01 | CVE-2024-51245 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | 8.8 |
| 2024-11-01 | CVE-2024-51247 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. | 8.8 |
| 2024-11-01 | CVE-2024-51248 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. | 8.8 |
| 2024-09-06 | CVE-2024-44844 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6 DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. | 8.8 |
| 2024-09-06 | CVE-2024-44845 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6 DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. | 8.8 |