Draytek

Vigor300b Firmware

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-3040

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.02.2026 22:02:07
  • Zuletzt bearbeitet 26.02.2026 16:11:00

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os co...

9.8

CVE-2024-12987

Warnung Medienbericht Exploit
  • EPSS 79.52%
  • Veröffentlicht 27.12.2024 16:15:24
  • Zuletzt bearbeitet 30.10.2025 19:53:36

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of...

9.8

CVE-2024-12986

Exploit
  • EPSS 70.29%
  • Veröffentlicht 27.12.2024 16:15:23
  • Zuletzt bearbeitet 28.05.2025 20:21:24

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interf...

8

CVE-2024-43027

Exploit
  • EPSS 0.7%
  • Veröffentlicht 21.08.2024 16:15:08
  • Zuletzt bearbeitet 03.06.2025 14:09:46

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

9.8

CVE-2021-43118

Exploit
  • EPSS 32.08%
  • Veröffentlicht 29.03.2022 20:15:07
  • Zuletzt bearbeitet 21.11.2024 06:28:42

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malic...

9.8

CVE-2021-42911

Exploit
  • EPSS 3.87%
  • Veröffentlicht 29.03.2022 20:15:07
  • Zuletzt bearbeitet 21.11.2024 06:28:17

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remot...

9.8

CVE-2020-15415

Warnung Exploit
  • EPSS 93%
  • Veröffentlicht 30.06.2020 14:15:11
  • Zuletzt bearbeitet 07.11.2025 19:32:15

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue th...

9.8

CVE-2020-14473

Exploit
  • EPSS 0.89%
  • Veröffentlicht 24.06.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:20

Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.

9.8

CVE-2020-14472

Exploit
  • EPSS 2.67%
  • Veröffentlicht 24.06.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:20

On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.

9.8

CVE-2020-14993

Exploit
  • EPSS 11.64%
  • Veröffentlicht 23.06.2020 12:15:13
  • Zuletzt bearbeitet 21.11.2024 05:04:35

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.