Vulnerabilities > Draytek > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2024-46598 Classic Buffer Overflow vulnerability in Draytek Vigor3910 Firmware 4.3.2.6
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi.
Risk: 7.5 (network, low complexity); draytek; CWE-120

2024-09-06 CVE-2024-44844 OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
Risk: 8.8 (network, low complexity); draytek; CWE-78

2024-09-06 CVE-2024-44845 OS Command Injection vulnerability in Draytek Vigor3900 Firmware 1.5.1.6
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
Risk: 8.8 (network, low complexity); draytek; CWE-78

2023-11-22 CVE-2023-6265 Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4/1.5.1.5
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files.
Risk: 8.1 (network, low complexity); draytek; CWE-22

2023-03-15 CVE-2023-24229 Command Injection vulnerability in Draytek Vigor2960 Firmware 1.5.1.4
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter.
Risk: 7.8 (local, low complexity); draytek; CWE-77

2023-03-03 CVE-2023-1162 Command Injection vulnerability in Draytek Vigor 2960 Firmware 1.5.1.4
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5.
Risk: 8.8 (network, low complexity); draytek; CWE-77

2021-10-13 CVE-2021-20123 Path Traversal vulnerability in Draytek Vigorconnect 1.6.0
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint.
Risk: 7.5 (network, low complexity); draytek; CWE-22

2021-10-13 CVE-2021-20124 Path Traversal vulnerability in Draytek Vigorconnect 1.6.0
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint.
Risk: 7.5 (network, low complexity); draytek; CWE-22

2021-10-13 CVE-2021-20126 Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorconnect 1.6.0
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Risk: 8.8 (network, low complexity); draytek; CWE-352

2021-10-13 CVE-2021-20127 Unspecified vulnerability in Draytek Vigorconnect 1.6.0
An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3.
Risk: 8.1 (network, low complexity); draytek