Filtered by vendor Draytek
Subscribe
Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46585 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46571 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46568 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46584 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46560 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-41591 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-14 | N/A | 6.1 MEDIUM |
| DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | |||||
| CVE-2024-46580 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46588 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46554 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46551 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46595 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-41593 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-13 | N/A | 9.8 CRITICAL |
| DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | |||||
| CVE-2024-46557 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46586 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46565 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | N/A | 7.5 HIGH |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2021-20124 | 1 Draytek | 1 Vigorconnect | 2025-03-12 | 7.8 HIGH | 7.5 HIGH |
| A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | |||||
| CVE-2021-20123 | 1 Draytek | 1 Vigorconnect | 2025-03-12 | 7.8 HIGH | 7.5 HIGH |
| A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | |||||
| CVE-2023-23313 | 1 Draytek | 182 Vigor130, Vigor130 Firmware, Vigor165 and 179 more | 2025-03-07 | N/A | 6.1 MEDIUM |
| Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. | |||||
| CVE-2020-15415 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | |||||
| CVE-2020-8515 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. | |||||