Filtered by vendor Draytek
Subscriptions
Total
133 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-46582 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46552 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46550 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46593 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46585 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46571 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46568 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-17 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46584 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46560 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-41591 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-14 | 6.1 Medium |
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | ||||
CVE-2024-46580 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46588 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46554 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46551 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46595 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-41593 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-13 | 9.8 Critical |
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | ||||
CVE-2024-46557 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46586 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46565 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-13 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2023-1009 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2025-03-11 | 6.5 Medium |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |