Draytek

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-46561 1Draytek 1Vigor3910 Firmware Mar 19, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46560 1Draytek 1Vigor3910 Firmware Mar 14, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46559 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46558 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46557 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46556 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46555 1Draytek 1Vigor3910 Firmware Mar 18, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46554 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46553 1Draytek 1Vigor3910 Firmware Mar 19, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46552 1Draytek 1Vigor3910 Firmware Mar 17, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46551 1Draytek 1Vigor3910 Firmware Mar 13, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46550 1Draytek 1Vigor3910 Firmware Mar 17, 2025 Sep 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-44845 1Draytek 1Vigor3900 Firmware Sep 11, 2024 Sep 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVE-2024-44844 1Draytek 1Vigor3900 Firmware Sep 11, 2024 Sep 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVE-2024-43027 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware Jun 3, 2025 Aug 21, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bi...Show more DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.Show less
CVE-2024-23721 1Draytek 1Vigor3910 Firmware May 23, 2025 Mar 20, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.
CVE-2023-47254 1Draytek 1Vigor167 Firmware Nov 21, 2024 Dec 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
CVE-2023-6265 1Draytek 1Vigor2960 Firmware Nov 21, 2024 Nov 22, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the w...Show more UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.Show less
CVE-2023-31447 1Draytek 2Vigor2620 Firmware Vigor2625 Firmware Nov 21, 2024 Aug 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute ar...Show more user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.Show less
CVE-2023-33778 1Draytek 72Myvigor Vigor1000b FirmwareVigor130 Firmware+69 more Jan 9, 2025 Jun 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded...Show more Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.Show less

Previous 1 2 3 456 7 Next