Vulnerabilities > Draytek > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-01 | CVE-2024-51252 | OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.3 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. | 9.8 |
| 2024-10-03 | CVE-2024-41593 | Out-of-bounds Write vulnerability in Draytek products DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | 9.8 |
| 2023-12-09 | CVE-2023-47254 | OS Command Injection vulnerability in Draytek Vigor167 Firmware 5.2.2 An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | 9.8 |
| 2023-08-21 | CVE-2023-31447 | Unspecified vulnerability in Draytek Vigor2620 Firmware and Vigor2625 Firmware user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. | 9.8 |
| 2023-06-01 | CVE-2023-33778 | Use of Hard-coded Credentials vulnerability in Draytek products Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. | 9.8 |
| 2021-10-13 | CVE-2021-20125 | Unrestricted Upload of File with Dangerous Type vulnerability in Draytek Vigorconnect 1.6.0 An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. | 10.0 |
| 2020-06-30 | CVE-2020-15415 | OS Command Injection vulnerability in Draytek products On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | 9.8 |
| 2020-06-24 | CVE-2020-14473 | Out-of-bounds Write vulnerability in Draytek products Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. | 9.8 |
| 2020-06-23 | CVE-2020-14993 | Out-of-bounds Write vulnerability in Draytek products A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. | 9.8 |
| 2020-03-26 | CVE-2020-10826 | Command Injection vulnerability in Draytek products /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | 10.0 |