Draytek

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-48153 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 14, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
CVE-2024-46316 1Draytek 1Vigor3900 Firmware Apr 10, 2025 Oct 9, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supply...Show more DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.Show less
CVE-2024-41596 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Jun 11, 2025 Oct 3, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
CVE-2024-41595 1Draytek 1Vigor3910 Firmware Apr 10, 2025 Oct 3, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
CVE-2024-41594 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Mar 19, 2025 Oct 3, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
CVE-2024-41593 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Mar 13, 2025 Oct 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, lead...Show more DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.Show less
CVE-2024-41592 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Jun 3, 2025 Oct 3, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
CVE-2024-41591 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Mar 14, 2025 Oct 3, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
CVE-2024-41590 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Jun 11, 2025 Oct 3, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4...Show more Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.Show less
CVE-2024-41589 1Draytek 1Vigor3910 Firmware Apr 10, 2025 Oct 3, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
CVE-2024-41588 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Jun 11, 2025 Oct 3, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST req...Show more The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.Show less
CVE-2024-41587 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Mar 18, 2025 Oct 3, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
CVE-2024-41586 1Draytek 1Vigor3910 Firmware Apr 10, 2025 Oct 3, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
CVE-2024-41585 1Draytek 1Vigor3910 Firmware Apr 10, 2025 Oct 3, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands in...Show more DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.Show less
CVE-2024-41584 1Draytek 1Vigor3910 Firmware Apr 10, 2025 Oct 3, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.
CVE-2024-41583 1Draytek 1Vigor3910 Firmware Apr 10, 2025 Oct 3, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name.
CVE-2024-46598 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46597 1Draytek 1Vigor3910 Firmware Mar 19, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46596 1Draytek 1Vigor3910 Firmware Mar 20, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46595 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Previous 1 234 5 6 7 Next