CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

CVSS

No CVSS.

References

Link	Resource
https://github.com/N1nEmAn/wp/blob/main/V3900.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*

History

03 Jun 2025, 14:09

Type	Values Removed	Values Added
First Time		Draytek vigor2960 Draytek vigor2960 Firmware Draytek vigor300b Draytek vigor3900 Firmware Draytek vigor300b Firmware Draytek Draytek vigor3900
References	~~() https://github.com/N1nEmAn/wp/blob/main/V3900.md -~~	() https://github.com/N1nEmAn/wp/blob/main/V3900.md - Exploit, Third Party Advisory
CPE		cpe:2.3:o:draytek:vigor300b_firmware:::::::: cpe:2.3:o:draytek:vigor3900_firmware:::::::: cpe:2.3:h:draytek:vigor2960:-:::::::* cpe:2.3:h:draytek:vigor3900:-:::::::* cpe:2.3:o:draytek:vigor2960_firmware:::::::: cpe:2.3:h:draytek:vigor300b:-:::::::*

21 Aug 2024, 17:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-21 16:15

Updated : 2025-06-03 14:09

NVD link : CVE-2024-43027

Mitre link : CVE-2024-43027

JSON object : View

Products Affected

draytek

vigor2960
vigor300b
vigor3900_firmware
vigor300b_firmware
vigor3900
vigor2960_firmware

CWE

No CWE.

JSON object

Attach tags to CVE-2024-43027

Attach tags to `CVE-2024-43027`