Vulnerabilities > Draytek > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-06-24 CVE-2020-14473 Out-of-bounds Write vulnerability in Draytek products
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
network
low complexity
draytek CWE-787
critical
9.8
2020-06-24 CVE-2020-14472 Command Injection vulnerability in Draytek products
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
network
low complexity
draytek CWE-77
critical
9.8
2020-06-23 CVE-2020-14993 Out-of-bounds Write vulnerability in Draytek products
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
network
low complexity
draytek CWE-787
critical
9.8
2020-03-26 CVE-2020-10828 Out-of-bounds Write vulnerability in Draytek products
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
network
low complexity
draytek CWE-787
critical
9.8
2020-03-26 CVE-2020-10827 Out-of-bounds Write vulnerability in Draytek products
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
network
low complexity
draytek CWE-787
critical
9.8
2020-03-26 CVE-2020-10826 Command Injection vulnerability in Draytek products
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
network
low complexity
draytek CWE-77
critical
9.8
2020-03-26 CVE-2020-10825 Out-of-bounds Write vulnerability in Draytek products
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).
network
low complexity
draytek CWE-787
critical
9.8
2020-03-26 CVE-2020-10824 Out-of-bounds Write vulnerability in Draytek products
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).
network
low complexity
draytek CWE-787
critical
9.8
2020-03-26 CVE-2020-10823 Out-of-bounds Write vulnerability in Draytek products
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
network
low complexity
draytek CWE-787
critical
9.8
2020-02-01 CVE-2020-8515 OS Command Injection vulnerability in Draytek products
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.
network
low complexity
draytek CWE-78
critical
9.8