Skip to main content

Vigorlte200 Firmware

14 CVEs product

Monthly

CVE-2024-51139 CRITICAL Act Now

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vigor2620 Firmware Vigorlte200 Firmware Vigor2860 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-51138 CRITICAL Act Now

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Vigor3912 Firmware Vigor2620 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41340 HIGH This Week

An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware Vigor166 Firmware Vigor2620 Firmware +17
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-41339 HIGH This Week

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware Vigor166 Firmware Vigor2620 Firmware +17
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-41338 HIGH This Week

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vigor165 Firmware Vigor166 Firmware Vigor2620 Firmware +17
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-41334 HIGH This Week

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Vigor166 Firmware Vigor2620 Firmware Vigorlte200 Firmware Vigor2860 Firmware +16
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-41596 HIGH This Week

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41594 HIGH This Week

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware +21
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41593 CRITICAL Act Now

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor3912 Firmware Vigor2962 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41592 HIGH POC This Week

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Vigor2952 Firmware Vigor2620 Firmware Vigor2915 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
1.4%
CVE-2024-41591 MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41590 HIGH This Week

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Vigor2765 Firmware Vigor2763 Firmware Vigor2135 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41588 HIGH This Week

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware Vigor2866 Firmware Vigor2766 Firmware +20
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-41587 MEDIUM This Month

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware Vigor3912 Firmware Vigor2962 Firmware Vigor165 Firmware +20
NVD
CVSS 3.1
5.4
EPSS
0.2%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vigor2620 Firmware +22
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +23
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware +19
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Vigor165 Firmware +19
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vigor165 Firmware +19
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Vigor166 Firmware Vigor2620 Firmware +18
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware +22
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL Vigor2620 Firmware +23
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +24
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Vigor2952 Firmware +23
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2620 Firmware Vigor2915 Firmware +22
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Vigor2765 Firmware +23
NVD
EPSS 0% CVSS 8.0
HIGH This Week

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Vigor2620 Firmware Vigor2915 Firmware +22
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vigor3910 Firmware Vigor3912 Firmware +22
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy