VYPR

Vigor 2700 Router

by Draytek

CVEs (4)

  • CVE-2025-10547CriOct 3, 2025
    risk 0.64cvss 9.8epss 0.01

    An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

  • CVE-2022-32548Aug 29, 2022
    risk 0.05cvss epss 0.34

    An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

  • CVE-2023-33778Jun 1, 2023
    risk 0.00cvss epss 0.01

    Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected…

  • CVE-2013-5703Oct 22, 2013
    risk 0.00cvss epss 0.01

    The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js.