Vulnerabilities > Draytek

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2024-46594 Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi.
network
low complexity
draytek CWE-120
7.5
7.5
2024-09-18 CVE-2024-46595 Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi.
network
low complexity
draytek CWE-120
7.5
7.5
2024-09-18 CVE-2024-46596 Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi.
network
low complexity
draytek CWE-120
7.5
7.5
2024-09-18 CVE-2024-46597 Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi.
network
low complexity
draytek CWE-120
7.5
7.5
2024-09-18 CVE-2024-46598 Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi.
network
low complexity
draytek CWE-120
7.5
7.5
2024-09-06 CVE-2024-44844 OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
network
low complexity
draytek CWE-78
8.8
8.8
2024-09-06 CVE-2024-44845 OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
network
low complexity
draytek CWE-78
8.8
8.8
2023-12-09 CVE-2023-47254 OS Command Injection vulnerability in Draytek Vigor167 Firmware 5.2.2
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.
network
low complexity
draytek CWE-78
critical
 9.8
9.8
2023-11-22 CVE-2023-6265 Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4/1.5.1.5
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files.
network
low complexity
draytek CWE-22
8.1
8.1
2023-08-21 CVE-2023-31447 Unspecified vulnerability in Draytek Vigor2620 Firmware and Vigor2625 Firmware
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.
network
low complexity
draytek
critical
 9.8
9.8