Vigor3900

This hub aggregates every CVE we track for Vigor3900, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Networking Infrastructure

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH6CRITICAL3

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 9 most recently published vulnerabilities affecting Vigor3900.

CVE-2024-45890DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`8.0Nov 4, 2024
CVE-2024-45887DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`8.0Nov 4, 2024
CVE-2024-51247In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.8.8Nov 1, 2024
CVE-2024-51248In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.8.8Nov 1, 2024
CVE-2024-51244In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.8.8Nov 1, 2024
CVE-2024-51252In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.9.8Nov 1, 2024
CVE-2024-51245In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.8.8Nov 1, 2024
CVE-2020-15415On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-pyt...KEV9.8Jun 30, 2020
CVE-2020-8515DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharact...KEV9.8Feb 1, 2020

Product normalization is registry-driven with AI assist and human review. How it works