Vulnerabilities > Draytek
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2024-44844 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6 DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. | 8.8 |
| 2024-09-06 | CVE-2024-44845 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6 DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. | 8.8 |
| 2023-12-09 | CVE-2023-47254 | OS Command Injection vulnerability in Draytek Vigor167 Firmware 5.2.2 An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | 9.8 |
| 2023-11-22 | CVE-2023-6265 | Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4/1.5.1.5 ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. | 8.1 |
| 2023-08-21 | CVE-2023-31447 | Unspecified vulnerability in Draytek Vigor2620 Firmware and Vigor2625 Firmware user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. | 9.8 |
| 2023-06-01 | CVE-2023-33778 | Use of Hard-coded Credentials vulnerability in Draytek products Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. | 9.8 |
| 2023-03-15 | CVE-2023-24229 | Command Injection vulnerability in Draytek Vigor2960 Firmware 1.5.1.4 DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. | 7.8 |
| 2023-03-03 | CVE-2023-23313 | Cross-site Scripting vulnerability in Draytek products Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. | 6.1 |
| 2023-03-03 | CVE-2023-1162 | Command Injection vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. | 8.8 |
| 2023-03-03 | CVE-2023-1163 | Path Traversal vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4 ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. | 6.5 |