Vigor3910 Firmware

vigor3910_firmware

Vendor: Draytek • 60 CVEs

CVEs (60)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-46567 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46566 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46565 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46564 1Draytek 1Vigor3910 Firmware Mar 19, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46561 1Draytek 1Vigor3910 Firmware Mar 19, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46560 1Draytek 1Vigor3910 Firmware Mar 14, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46559 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46558 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46557 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46556 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46555 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46554 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46553 1Draytek 1Vigor3910 Firmware Mar 19, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46552 1Draytek 1Vigor3910 Firmware Mar 17, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46551 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46550 1Draytek 1Vigor3910 Firmware Mar 17, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-23721 1Draytek 1Vigor3910 Firmware May 23, 2025 Mar 20, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.
CVE-2023-33778 1Draytek 72Myvigor Vigor1000b FirmwareVigor130 Firmware+69 more Jan 9, 2025 Jun 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded...Show more Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.Show less
CVE-2023-23313 1Draytek 91Vigor1000b Firmware Vigor130 FirmwareVigor165 Firmware+88 more Oct 7, 2025 Mar 3, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v...Show more Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.Show less
CVE-2022-32548 1Draytek 68Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+65 more Nov 21, 2024 Aug 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

Previous 1 23