Skip to main content

Vigor3910 Firmware

60 CVEs product

Monthly

CVE-2024-51139 CRITICAL Act Now

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vigor2620 Firmware Vigorlte200 Firmware Vigor2860 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-51138 CRITICAL Act Now

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Vigor3912 Firmware Vigor2620 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41340 HIGH This Week

An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware Vigor166 Firmware Vigor2620 Firmware +17
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-41339 HIGH This Week

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware Vigor166 Firmware Vigor2620 Firmware +17
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-41338 HIGH This Week

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vigor165 Firmware Vigor166 Firmware Vigor2620 Firmware +17
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-41334 HIGH This Week

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Vigor166 Firmware Vigor2620 Firmware Vigorlte200 Firmware Vigor2860 Firmware +16
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-41596 HIGH This Week

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41595 HIGH This Week

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41594 HIGH This Week

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware +21
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41593 CRITICAL Act Now

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor3912 Firmware Vigor2962 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41592 HIGH POC This Week

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Vigor2952 Firmware Vigor2620 Firmware Vigor2915 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
1.4%
CVE-2024-41591 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41590 HIGH This Week

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Vigor2765 Firmware Vigor2763 Firmware Vigor2135 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41589 HIGH This Week

DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vigor3910 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-41588 HIGH This Week

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41587 MEDIUM This Month

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware Vigor3912 Firmware Vigor2962 Firmware Vigor165 Firmware +20
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-41586 HIGH This Week

A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Vigor3910 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-41585 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3910 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-41584 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-41583 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-46598 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46597 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46596 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46595 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46594 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46593 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46592 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46591 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46590 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46589 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46588 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46586 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46585 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46584 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46583 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46582 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46581 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46580 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46571 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46568 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46567 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46566 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46565 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46564 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46561 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46560 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46559 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46558 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46557 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46556 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46555 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46554 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46553 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46552 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46551 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46550 HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23721 HIGH This Week

A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Vigor3910 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33778 CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware Vigorswitch Pq2121X Firmware Vigorswitch P2540Xs Firmware +68
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-23313 MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware Vigor2860N Plus Firmware Vigor2860Vn Plus Firmware +87
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-32548 CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware Vigor2962 Firmware Vigor2962P Firmware +64
NVD
CVSS 3.1
9.8
EPSS
33.8%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vigor2620 Firmware +22
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +23
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware +19
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware +19
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vigor165 Firmware +19
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Vigor166 Firmware Vigor2620 Firmware +18
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware +22
NVD
EPSS 0% CVSS 8.0
HIGH This Week

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL Vigor2620 Firmware +23
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +24
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Vigor2952 Firmware +23
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2620 Firmware Vigor2915 Firmware +22
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Vigor2765 Firmware +23
NVD
EPSS 0% CVSS 8.8
HIGH This Week

DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vigor3910 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH This Week

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware +22
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware Vigor3912 Firmware +22
NVD
EPSS 0% CVSS 8.0
HIGH This Week

A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3910 Firmware
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Vigor3910 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Vigor3910 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware +70
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware +89
NVD
EPSS 34% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware +66
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy