VYPR

Vendor CVEs

Draytek

All CVEs

137 total · sorted by risk
  • CVE-2024-46588Sep 18, 2024
    risk 0.00cvss epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46554Sep 18, 2024
    risk 0.00cvss epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46565Sep 18, 2024
    risk 0.00cvss epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46566Sep 18, 2024
    risk 0.00cvss epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46561Sep 18, 2024
    risk 0.00cvss epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46552Sep 18, 2024
    risk 0.00cvss epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46557Sep 18, 2024
    risk 0.00cvss epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46597Sep 18, 2024
    risk 0.00cvss epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46582Sep 18, 2024
    risk 0.00cvss epss 0.00

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-46555Sep 18, 2024
    risk 0.00cvss epss 0.01

    Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2024-44844Sep 6, 2024
    risk 0.00cvss epss 0.02

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.

  • CVE-2024-44845Sep 6, 2024
    risk 0.00cvss epss 0.02

    DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.

  • CVE-2024-43027Aug 21, 2024
    risk 0.00cvss epss 0.01

    DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

  • CVE-2024-23721Mar 20, 2024
    risk 0.00cvss epss 0.01

    A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.

  • CVE-2023-47254Dec 9, 2023
    risk 0.00cvss epss 0.02

    An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.

  • CVE-2023-6265Nov 22, 2023
    risk 0.00cvss epss 0.02

    ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files.…

  • CVE-2023-31447Aug 21, 2023
    risk 0.00cvss epss 0.01

    user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.

  • CVE-2023-33778Jun 1, 2023
    risk 0.00cvss epss 0.01

    Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected…

  • CVE-2023-24229Mar 15, 2023
    risk 0.00cvss epss 0.07

    DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the…

  • CVE-2023-1163Mar 3, 2023
    risk 0.00cvss epss 0.02

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation…

  • CVE-2023-23313Mar 3, 2023
    risk 0.00cvss epss 0.00

    Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927…

  • CVE-2023-1009Feb 24, 2023
    risk 0.00cvss epss 0.16

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument…

  • CVE-2021-42911Mar 29, 2022
    risk 0.00cvss epss 0.03

    A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute…

  • CVE-2020-28968Oct 22, 2021
    risk 0.00cvss epss 0.01

    Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.

  • CVE-2021-20129Oct 13, 2021
    risk 0.00cvss epss 0.02

    An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.

  • CVE-2021-20128Oct 13, 2021
    risk 0.00cvss epss 0.01

    The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.

  • CVE-2021-20127Oct 13, 2021
    risk 0.00cvss epss 0.01

    An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.

  • CVE-2021-20126Oct 13, 2021
    risk 0.00cvss epss 0.01

    Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

  • CVE-2021-20125Oct 13, 2021
    risk 0.00cvss epss 0.04

    An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating…

  • CVE-2020-14472Jun 24, 2020
    risk 0.00cvss epss 0.03

    On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.

  • CVE-2020-14473Jun 24, 2020
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.

  • CVE-2020-3932Apr 15, 2020
    risk 0.00cvss epss 0.01

    A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.

  • CVE-2020-10825Mar 26, 2020
    risk 0.00cvss epss 0.04

    A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).

  • CVE-2020-10824Mar 26, 2020
    risk 0.00cvss epss 0.04

    A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).

  • CVE-2019-16534Sep 20, 2019
    risk 0.00cvss epss 0.01

    On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.

  • CVE-2019-16533Sep 20, 2019
    risk 0.00cvss epss 0.01

    On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.

  • CVE-2013-5703Oct 22, 2013
    risk 0.00cvss epss 0.01

    The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js.

Page 3 of 3