Skip to main content

Vigor2866Ac Firmware

3 CVEs product

Monthly

CVE-2023-33778 CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware Vigorswitch Pq2121X Firmware Vigorswitch P2540Xs Firmware +68
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-23313 MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware Vigor2860N Plus Firmware Vigor2860Vn Plus Firmware +87
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-32548 CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware Vigor2962 Firmware Vigor2962P Firmware +64
NVD
CVSS 3.1
9.8
EPSS
33.8%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware +70
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware +89
NVD
EPSS 34% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware +66
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy