Draytek

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-14993 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware Nov 21, 2024 Jun 23, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to main...Show more A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.Show less
CVE-2020-3932 1Draytek 1Vigorap 910c Firmware Nov 21, 2024 Apr 15, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.
CVE-2020-10828 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware May 5, 2025 Mar 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
CVE-2020-10827 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware May 5, 2025 Mar 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
CVE-2020-10826 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware May 5, 2025 Mar 26, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
CVE-2020-10825 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware May 5, 2025 Mar 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a re...Show more A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).Show less
CVE-2020-10824 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware May 5, 2025 Mar 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP requ...Show more A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).Show less
CVE-2020-10823 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware May 5, 2025 Mar 26, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...Show more A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).Show less
CVE-2020-8515 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware Nov 7, 2025 Feb 1, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/main...Show more DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.Show less
CVE-2019-16534 1Draytek 1Vigor2925 Firmware Nov 21, 2024 Sep 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
CVE-2019-16533 1Draytek 1Vigor2925 Firmware Nov 21, 2024 Sep 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVE-2017-11650 1Draytek 1Vigorap 910c Firmware Nov 21, 2024 Mar 7, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp.
CVE-2017-11649 1Draytek 1Vigorap 910c Firmware Nov 21, 2024 Mar 7, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP...Show more Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp.Show less
CVE-2013-5703 1Draytek 2Vigor 2700 Router Vigor 2700 Router Firmware Apr 29, 2026 Oct 22, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWle...Show more The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js.Show less

Previous 1 2 3 4 5 67