Vendor CVEs
Draytek
All CVEs
137 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51300 | 0.00 | — | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. | |||
| CVE-2024-51296 | 0.00 | — | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. | |||
| CVE-2024-51298 | 0.00 | — | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. | |||
| CVE-2024-51299 | 0.00 | — | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. | |||
| CVE-2024-51301 | 0.00 | — | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. | |||
| CVE-2024-51258 | 0.00 | — | 0.01 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. | |||
| CVE-2024-51257 | 0.00 | — | 0.00 | Oct 30, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. | |||
| CVE-2024-51304 | 0.00 | — | 0.01 | Oct 30, 2024 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. | |||
| CVE-2024-48074 | 0.00 | — | 0.01 | Oct 28, 2024 | An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system… | |||
| CVE-2024-48153 | 0.00 | — | 0.01 | Oct 14, 2024 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | |||
| CVE-2024-46316 | 0.00 | — | 0.01 | Oct 9, 2024 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. | |||
| CVE-2024-41594 | 0.00 | — | 0.00 | Oct 3, 2024 | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. | |||
| CVE-2024-41591 | 0.00 | — | 0.00 | Oct 3, 2024 | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | |||
| CVE-2024-41592 | 0.00 | — | 0.01 | Oct 3, 2024 | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | |||
| CVE-2024-41585 | 0.00 | — | 0.01 | Oct 3, 2024 | DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. | |||
| CVE-2024-41596 | 0.00 | — | 0.00 | Oct 3, 2024 | Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | |||
| CVE-2024-41584 | 0.00 | — | 0.00 | Oct 3, 2024 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. | |||
| CVE-2024-41583 | 0.00 | — | 0.00 | Oct 3, 2024 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. | |||
| CVE-2024-41588 | 0.00 | — | 0.00 | Oct 3, 2024 | The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. | |||
| CVE-2024-41586 | 0.00 | — | 0.00 | Oct 3, 2024 | A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. | |||
| CVE-2024-41587 | 0.00 | — | 0.00 | Oct 3, 2024 | Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | |||
| CVE-2024-41589 | 0.00 | — | 0.00 | Oct 3, 2024 | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. | |||
| CVE-2024-41590 | 0.00 | — | 0.00 | Oct 3, 2024 | Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. | |||
| CVE-2024-41595 | 0.00 | — | 0.00 | Oct 3, 2024 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. | |||
| CVE-2024-46585 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46558 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46596 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46590 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46594 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46583 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46589 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46593 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46580 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46584 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46553 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46598 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46560 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46564 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46592 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46568 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46591 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46586 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46550 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46595 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46559 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46551 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46571 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46556 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46581 | 0.00 | — | 0.00 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||
| CVE-2024-46567 | 0.00 | — | 0.01 | Sep 18, 2024 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
- CVE-2024-51300Oct 30, 2024risk 0.00cvss —epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function.
- CVE-2024-51296Oct 30, 2024risk 0.00cvss —epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function.
- CVE-2024-51298Oct 30, 2024risk 0.00cvss —epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
- CVE-2024-51299Oct 30, 2024risk 0.00cvss —epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.
- CVE-2024-51301Oct 30, 2024risk 0.00cvss —epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function.
- CVE-2024-51258Oct 30, 2024risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
- CVE-2024-51257Oct 30, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function.
- CVE-2024-51304Oct 30, 2024risk 0.00cvss —epss 0.01
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function.
- CVE-2024-48074Oct 28, 2024risk 0.00cvss —epss 0.01
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system…
- CVE-2024-48153Oct 14, 2024risk 0.00cvss —epss 0.01
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
- CVE-2024-46316Oct 9, 2024risk 0.00cvss —epss 0.01
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.
- CVE-2024-41594Oct 3, 2024risk 0.00cvss —epss 0.00
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
- CVE-2024-41591Oct 3, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
- CVE-2024-41592Oct 3, 2024risk 0.00cvss —epss 0.01
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
- CVE-2024-41585Oct 3, 2024risk 0.00cvss —epss 0.01
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.
- CVE-2024-41596Oct 3, 2024risk 0.00cvss —epss 0.00
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
- CVE-2024-41584Oct 3, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.
- CVE-2024-41583Oct 3, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name.
- CVE-2024-41588Oct 3, 2024risk 0.00cvss —epss 0.00
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
- CVE-2024-41586Oct 3, 2024risk 0.00cvss —epss 0.00
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
- CVE-2024-41587Oct 3, 2024risk 0.00cvss —epss 0.00
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
- CVE-2024-41589Oct 3, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
- CVE-2024-41590Oct 3, 2024risk 0.00cvss —epss 0.00
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
- CVE-2024-41595Oct 3, 2024risk 0.00cvss —epss 0.00
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
- CVE-2024-46585Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46558Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46596Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46590Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46594Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46583Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46589Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46593Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46580Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46584Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46553Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46598Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46560Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46564Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46592Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46568Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46591Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46586Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46550Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46595Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46559Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46551Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46571Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46556Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46581Sep 18, 2024risk 0.00cvss —epss 0.00
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2024-46567Sep 18, 2024risk 0.00cvss —epss 0.01
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Page 2 of 3