Skip to main content
CVE-2020-10828 CRITICAL POC THREAT Act Now

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor300b Firmware Vigor3900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
20.9%
CVE-2020-10827 CRITICAL POC THREAT Act Now

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor300b Firmware Vigor3900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
20.9%
CVE-2020-10826 CRITICAL POC THREAT Act Now

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor3900 Firmware Vigor2960 Firmware
NVD
CVSS 3.1
9.8
EPSS
39.4%
CVE-2020-10825 CRITICAL POC Act Now

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor300b Firmware Vigor3900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-10824 CRITICAL POC Act Now

A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor300b Firmware Vigor3900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2020-10823 CRITICAL POC Act Now

A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor300b Firmware Vigor3900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2020-10245 CRITICAL POC Act Now

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 +11
NVD
CVSS 3.1
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy