DrayTek Vigor 3900, 2960, and 300B < 1.5.1.5 - OS Command Injection via Mainfunction CGI Action Parameter
DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.