What is CVE-2021-43118?

CVE-2021-43118 is a Remote Command Injection vulnerability in DrayTek Vigor routers.

How does CVE-2021-43118 affect DrayTek Vigor 2960?

CVE-2021-43118 affects DrayTek Vigor 2960 1.5.1.3 firmware by allowing remote attackers to execute arbitrary code.

What is the severity of CVE-2021-43118?

CVE-2021-43118 has a severity rating of 9.8 (Critical).

How can I fix CVE-2021-43118?

To fix CVE-2021-43118, update DrayTek Vigor 2960 firmware to version 1.5.1.4 or later.

Are DrayTek Vigor 3900 and DrayTek Vigor 300B affected by CVE-2021-43118?

Yes, DrayTek Vigor 3900 1.5.1.3 firmware and DrayTek Vigor 300B 1.5.1.3 firmware are also affected by CVE-2021-43118.

Vulnerability/
CVE-2021-43118

critical

9.8

CWE

29/3/2022

4/8/2024

CVE-2021-43118: Command Injection

First published: Tue Mar 29 2022(Updated: )

A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Draytek Vigor2960 Firmware	=1.5.1.3
DrayTek Vigor2960
Draytek Vigor3900 Firmware	=1.5.1.3
DrayTek Vigor3900
Draytek Vigor300b Firmware	=1.5.1.3
Draytek Vigor300b

Never miss a vulnerability like this again

Reference Links

https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26

Frequently Asked Questions

What is CVE-2021-43118?
CVE-2021-43118 is a Remote Command Injection vulnerability in DrayTek Vigor routers.
How does CVE-2021-43118 affect DrayTek Vigor 2960?
CVE-2021-43118 affects DrayTek Vigor 2960 1.5.1.3 firmware by allowing remote attackers to execute arbitrary code.
What is the severity of CVE-2021-43118?
CVE-2021-43118 has a severity rating of 9.8 (Critical).
How can I fix CVE-2021-43118?
To fix CVE-2021-43118, update DrayTek Vigor 2960 firmware to version 1.5.1.4 or later.
Are DrayTek Vigor 3900 and DrayTek Vigor 300B affected by CVE-2021-43118?
Yes, DrayTek Vigor 3900 1.5.1.3 firmware and DrayTek Vigor 300B 1.5.1.3 firmware are also affected by CVE-2021-43118.

agent/type
agent/first-publish-date
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/weakness
agent/author
agent/softwarecombine
agent/tags
agent/description
agent/event
agent/references
collector/mitre-cve
source/MITRE
vendor/draytek
canonical/draytek vigor2960 firmware
version/draytek vigor2960 firmware/1.5.1.3
canonical/draytek vigor2960
canonical/draytek vigor3900 firmware
version/draytek vigor3900 firmware/1.5.1.3
canonical/draytek vigor3900
canonical/draytek vigor300b firmware
version/draytek vigor300b firmware/1.5.1.3
canonical/draytek vigor300b

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.