Draytek Vigor3900 Firmware

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Draytek Vigor3900 Firmware.

By the Year

In 2026 there have been 0 vulnerabilities in Draytek Vigor3900 Firmware. Vigor3900 Firmware did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	34	8.94
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	1	9.80

It may take a day or so for new Vigor3900 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Draytek Vigor3900 Firmware Security Vulnerabilities

DrayTek Vigor3900 1.5 CGI Command Injection
CVE-2024-45882 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.`

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45884 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45885 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.`

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45887 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45893 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.`

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45891 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45890 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45889 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.`

DrayTek Vigor3900 CGI Command Injection
CVE-2024-45888 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.'

Draytek Vigor3900 1.5.1.3 Command Injection via mainfunction.cgi
CVE-2024-51253 - November 04, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.

Draytek Vigor3900 1.5.1.3 Command Injection via CGI
CVE-2024-51249 - November 04, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function.

Draytek Vigor3900 1.5.1.3 Command Injection via CGI
CVE-2024-51251 - November 04, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function.

Draytek Vigor3900 1.5.1.3 Command Injection
CVE-2024-51246 - November 04, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function.

Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi
CVE-2024-51252 9.8 - Critical - November 01, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.

Shell injection

DrayTek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi
CVE-2024-51245 8.8 - High - November 01, 2024

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.

Shell injection

Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi
CVE-2024-51244 8.8 - High - November 01, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.

Shell injection

Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi
CVE-2024-51247 8.8 - High - November 01, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.

Shell injection

Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi
CVE-2024-51248 8.8 - High - November 01, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.

Shell injection

DrayTek Vigor3900 1.5.1.3 Arbitrary Command Injection via mainfunction.cgi
CVE-2024-51260 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.

Arbitrary Command Injection via mainfunction.cgi in DrayTek Vigor3900 (1.5.1.3)
CVE-2024-51255 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.

DrayTek Vigor3900 1.5.1.3 cmd injection via setup_cacertificate in mainfunction.cgi
CVE-2024-51259 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.

Command Injection in DrayTek Vigor3900 1.5.1.3 mainfunction.cgi
CVE-2024-51254 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.

DrayTek Vigor3900 1.5.1.3 cmd injection via mainfunction.cgi
CVE-2024-51258 - October 30, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.

Command Injection in Draytek Vigor3900 1.5.1.3 mainfunction.cgi (get_rrd)
CVE-2024-51300 - October 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.

DrayTek Vigor3900 1.5.1.3 Remote Command Injection via mainfunction.cgi
CVE-2024-51257 - October 30, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.

Arbitrary Command Exec via CGI in Draytek Vigor3900 1.5.1.3
CVE-2024-51296 - October 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.

Command Injection via doGRETunnel in Draytek Vigor3900 mainfunction.cgi 1.5.1.3
CVE-2024-51298 - October 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.

Arbitrary Command Injection - Draytek Vigor3900 1.5.1.3 mainfunction.cgi
CVE-2024-51299 - October 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.

Arbitrary Command Exec via mainfunction.cgi in Draytek Vigor3900 1.5.1.3
CVE-2024-51301 - October 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.

Command injection via ldap_search_dn in mainfunction.cgi (Vigor3900)
CVE-2024-51304 - October 30, 2024

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.

Command Injection in mainfunction.cgi of DrayTek Vigor3900 1.5.1.3
CVE-2024-48153 - October 14, 2024

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.

Command Injection in DrayTek Vigor3900 v1.5.1.6 (sub_2C920)
CVE-2024-46316 - October 09, 2024

DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.

DrayTek Vigor3900 Auth Cmd Injection via Run_Command before v1.5.1.6
CVE-2024-44844 8.8 - High - September 06, 2024

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.

Shell injection

DrayTek Vigor3900 v1.5.1.6 CLI Auth Cmd Injection via filter_string
CVE-2024-44845 8.8 - High - September 06, 2024

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.

Shell injection

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload
CVE-2020-15415 9.8 - Critical - June 30, 2020

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.

Shell injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Draytek Vigor3900 Firmware or by Draytek? Click the Watch button to subscribe.

Draytek
Vendor

Draytek Vigor3900 Firmware
Product

Draytek Vigor3900 Firmware

Don't miss out!

By the Year

Recent Draytek Vigor3900 Firmware Security Vulnerabilities

DrayTek Vigor3900 1.5 CGI Command Injection CVE-2024-45882 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection CVE-2024-45884 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection CVE-2024-45885 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection CVE-2024-45887 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection CVE-2024-45893 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection CVE-2024-45891 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection CVE-2024-45890 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection CVE-2024-45889 - November 04, 2024

DrayTek Vigor3900 CGI Command Injection CVE-2024-45888 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection via mainfunction.cgi CVE-2024-51253 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection via CGI CVE-2024-51249 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection via CGI CVE-2024-51251 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection CVE-2024-51246 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi CVE-2024-51252 9.8 - Critical - November 01, 2024

DrayTek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi CVE-2024-51245 8.8 - High - November 01, 2024

Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi CVE-2024-51244 8.8 - High - November 01, 2024

Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi CVE-2024-51247 8.8 - High - November 01, 2024

Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi CVE-2024-51248 8.8 - High - November 01, 2024

DrayTek Vigor3900 1.5.1.3 Arbitrary Command Injection via mainfunction.cgi CVE-2024-51260 - October 31, 2024

Arbitrary Command Injection via mainfunction.cgi in DrayTek Vigor3900 (1.5.1.3) CVE-2024-51255 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 cmd injection via setup_cacertificate in mainfunction.cgi CVE-2024-51259 - October 31, 2024

Command Injection in DrayTek Vigor3900 1.5.1.3 mainfunction.cgi CVE-2024-51254 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 cmd injection via mainfunction.cgi CVE-2024-51258 - October 30, 2024

Command Injection in Draytek Vigor3900 1.5.1.3 mainfunction.cgi (get_rrd) CVE-2024-51300 - October 30, 2024

DrayTek Vigor3900 1.5.1.3 Remote Command Injection via mainfunction.cgi CVE-2024-51257 - October 30, 2024

Arbitrary Command Exec via CGI in Draytek Vigor3900 1.5.1.3 CVE-2024-51296 - October 30, 2024

Command Injection via doGRETunnel in Draytek Vigor3900 mainfunction.cgi 1.5.1.3 CVE-2024-51298 - October 30, 2024

Arbitrary Command Injection - Draytek Vigor3900 1.5.1.3 mainfunction.cgi CVE-2024-51299 - October 30, 2024

Arbitrary Command Exec via mainfunction.cgi in Draytek Vigor3900 1.5.1.3 CVE-2024-51301 - October 30, 2024

Command injection via ldap_search_dn in mainfunction.cgi (Vigor3900) CVE-2024-51304 - October 30, 2024

Command Injection in mainfunction.cgi of DrayTek Vigor3900 1.5.1.3 CVE-2024-48153 - October 14, 2024

Command Injection in DrayTek Vigor3900 v1.5.1.6 (sub_2C920) CVE-2024-46316 - October 09, 2024

DrayTek Vigor3900 Auth Cmd Injection via Run_Command before v1.5.1.6 CVE-2024-44844 8.8 - High - September 06, 2024

DrayTek Vigor3900 v1.5.1.6 CLI Auth Cmd Injection via filter_string CVE-2024-44845 8.8 - High - September 06, 2024

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload CVE-2020-15415 9.8 - Critical - June 30, 2020

Stay on top of Security Vulnerabilities

Draytek Vendor

Draytek Vigor3900 FirmwareProduct

DrayTek Vigor3900 1.5 CGI Command Injection
CVE-2024-45882 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45884 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45885 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45887 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45893 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45891 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45890 - November 04, 2024

DrayTek Vigor3900 1.5.1.3 CGI Command Injection
CVE-2024-45889 - November 04, 2024

DrayTek Vigor3900 CGI Command Injection
CVE-2024-45888 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection via mainfunction.cgi
CVE-2024-51253 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection via CGI
CVE-2024-51249 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection via CGI
CVE-2024-51251 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection
CVE-2024-51246 - November 04, 2024

Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi
CVE-2024-51252 9.8 - Critical - November 01, 2024

DrayTek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi
CVE-2024-51245 8.8 - High - November 01, 2024

Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi
CVE-2024-51244 8.8 - High - November 01, 2024

Command Injection Vulnerability in Draytek Vigor3900 1.5.1.3 via mainfunction.cgi
CVE-2024-51247 8.8 - High - November 01, 2024

Draytek Vigor3900 1.5.1.3 Command Injection Vulnerability in mainfunction.cgi
CVE-2024-51248 8.8 - High - November 01, 2024

DrayTek Vigor3900 1.5.1.3 Arbitrary Command Injection via mainfunction.cgi
CVE-2024-51260 - October 31, 2024

Arbitrary Command Injection via mainfunction.cgi in DrayTek Vigor3900 (1.5.1.3)
CVE-2024-51255 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 cmd injection via setup_cacertificate in mainfunction.cgi
CVE-2024-51259 - October 31, 2024

Command Injection in DrayTek Vigor3900 1.5.1.3 mainfunction.cgi
CVE-2024-51254 - October 31, 2024

DrayTek Vigor3900 1.5.1.3 cmd injection via mainfunction.cgi
CVE-2024-51258 - October 30, 2024

Command Injection in Draytek Vigor3900 1.5.1.3 mainfunction.cgi (get_rrd)
CVE-2024-51300 - October 30, 2024

DrayTek Vigor3900 1.5.1.3 Remote Command Injection via mainfunction.cgi
CVE-2024-51257 - October 30, 2024

Arbitrary Command Exec via CGI in Draytek Vigor3900 1.5.1.3
CVE-2024-51296 - October 30, 2024

Command Injection via doGRETunnel in Draytek Vigor3900 mainfunction.cgi 1.5.1.3
CVE-2024-51298 - October 30, 2024

Arbitrary Command Injection - Draytek Vigor3900 1.5.1.3 mainfunction.cgi
CVE-2024-51299 - October 30, 2024

Arbitrary Command Exec via mainfunction.cgi in Draytek Vigor3900 1.5.1.3
CVE-2024-51301 - October 30, 2024

Command injection via ldap_search_dn in mainfunction.cgi (Vigor3900)
CVE-2024-51304 - October 30, 2024

Command Injection in mainfunction.cgi of DrayTek Vigor3900 1.5.1.3
CVE-2024-48153 - October 14, 2024

Command Injection in DrayTek Vigor3900 v1.5.1.6 (sub_2C920)
CVE-2024-46316 - October 09, 2024

DrayTek Vigor3900 Auth Cmd Injection via Run_Command before v1.5.1.6
CVE-2024-44844 8.8 - High - September 06, 2024

DrayTek Vigor3900 v1.5.1.6 CLI Auth Cmd Injection via filter_string
CVE-2024-44845 8.8 - High - September 06, 2024

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload
CVE-2020-15415 9.8 - Critical - June 30, 2020

Draytek
Vendor

Draytek Vigor3900 Firmware
Product