Draytek

Vigor2960 Firmware

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-12987

Warnung Medienbericht Exploit
  • EPSS 79.52%
  • Veröffentlicht 27.12.2024 16:15:24
  • Zuletzt bearbeitet 30.10.2025 19:53:36

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of...

9.8

CVE-2024-12986

Exploit
  • EPSS 70.29%
  • Veröffentlicht 27.12.2024 16:15:23
  • Zuletzt bearbeitet 28.05.2025 20:21:24

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interf...

8

CVE-2024-48074

Exploit
  • EPSS 0.16%
  • Veröffentlicht 28.10.2024 12:15:15
  • Zuletzt bearbeitet 17.05.2025 02:14:47

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is e...

8

CVE-2024-43027

Exploit
  • EPSS 0.7%
  • Veröffentlicht 21.08.2024 16:15:08
  • Zuletzt bearbeitet 03.06.2025 14:09:46

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

8.1

CVE-2023-6265

Exploit
  • EPSS 0.32%
  • Veröffentlicht 22.11.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:43:29

** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to del...

7.8

CVE-2023-24229

Exploit
  • EPSS 1.08%
  • Veröffentlicht 15.03.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:47:36

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that ar...

5.5

CVE-2023-1009

Exploit
  • EPSS 3.45%
  • Veröffentlicht 24.02.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 07:38:16

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manip...

9.8

CVE-2021-43118

Exploit
  • EPSS 32.08%
  • Veröffentlicht 29.03.2022 20:15:07
  • Zuletzt bearbeitet 21.11.2024 06:28:42

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malic...

9.8

CVE-2021-42911

Exploit
  • EPSS 3.87%
  • Veröffentlicht 29.03.2022 20:15:07
  • Zuletzt bearbeitet 21.11.2024 06:28:17

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remot...

8.8

CVE-2020-19664

Exploit
  • EPSS 15.18%
  • Veröffentlicht 31.12.2020 02:15:12
  • Zuletzt bearbeitet 21.11.2024 05:09:18

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.