Vulnerabilities > Draytek > Vigor2915 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-03 CVE-2024-41593 Out-of-bounds Write vulnerability in Draytek products
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
network
low complexity
draytek CWE-787
critical
9.8
2022-08-29 CVE-2022-32548 Classic Buffer Overflow vulnerability in Draytek products
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1.
network
low complexity
draytek CWE-120
critical
9.8