Vigor2135_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Vigor2135_firmware
(Draytek)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	6

Date	Id	Summary	Products	Score	Patch	Annotated
2024-10-03	CVE-2024-41593	DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	9.8
2024-10-03	CVE-2024-41587	Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	5.4
2024-10-03	CVE-2024-41591	DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	6.1
2024-10-03	CVE-2024-41594	An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	7.5
2023-03-03	CVE-2023-23313	Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.	Vigor130_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2133ac_firmware, Vigor2133fvac_firmware, Vigor2133n_firmware, Vigor2133vac_firmware, Vigor2135_firmware, Vigor2135ac_firmware, Vigor2135ax_firmware, Vigor2135fvac_firmware, Vigor2135vac_firmware, Vigor2762_firmware, Vigor2762ac_firmware, Vigor2762n_firmware, Vigor2762vac_firmware, Vigor2763_firmware, Vigor2763ac_firmware, Vigor2765_firmware, Vigor2765ac_firmware, Vigor2765ax_firmware, Vigor2765va_firmware, Vigor2766_firmware, Vigor2766ac_firmware, Vigor2766ax_firmware, Vigor2766vac_firmware, Vigor2832_firmware, Vigor2832n_firmware, Vigor2860_firmware, Vigor2860ac_firmware, Vigor2860l_firmware, Vigor2860ln_firmware, Vigor2860n\-Plus_firmware, Vigor2860n_firmware, Vigor2860vac_firmware, Vigor2860vn\-Plus_firmware, Vigornic_132_firmware, Virgor1000b_firmware, Virgor2862_firmware, Virgor2862ac_firmware, Virgor2862b_firmware, Virgor2862bn_firmware, Virgor2862l_firmware, Virgor2862lac_firmware, Virgor2862ln_firmware, Virgor2862n_firmware, Virgor2862vac_firmware, Virgor2865_firmware, Virgor2865ac_firmware, Virgor2865ax_firmware, Virgor2865l_firmware, Virgor2865lac_firmware, Virgor2865vac_firmware, Virgor2866_firmware, Virgor2866ac_firmware, Virgor2866ax_firmware, Virgor2866l_firmware, Virgor2866lac_firmware, Virgor2866vac_firmware, Virgor2915_firmware, Virgor2915ac_firmware, Virgor2925_firmware, Virgor2925ac_firmware, Virgor2925fn_firmware, Virgor2925l_firmware, Virgor2925ln_firmware, Virgor2925n\-Plus_firmware, Virgor2925n_firmware, Virgor2925vac_firmware, Virgor2925vn\-Plus_firmware, Virgor2926_firmware, Virgor2926ac_firmware, Virgor2926l_firmware, Virgor2926lac_firmware, Virgor2926ln_firmware, Virgor2926n_firmware, Virgor2926vac_firmware, Virgor2927_firmware, Virgor2927ac_firmware, Virgor2927ax_firmware, Virgor2927f_firmware, Virgor2927l_firmware, Virgor2927lac_firmware, Virgor2927vac_firmware, Virgor2952_firmware, Virgor2952p_firmware, Virgor2962_firmware, Virgor2962p_firmware, Virgor3220_firmware, Virgor3910_firmware	6.1
2022-08-29	CVE-2022-32548	An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2133ac_firmware, Vigor2133fvac_firmware, Vigor2133n_firmware, Vigor2133vac_firmware, Vigor2135_firmware, Vigor2135ac_firmware, Vigor2135fvac_firmware, Vigor2135vac_firmware, Vigor2620l_firmware, Vigor2620ln_firmware, Vigor2762_firmware, Vigor2762ac_firmware, Vigor2762n_firmware, Vigor2762vac_firmware, Vigor2765_firmware, Vigor2765ac_firmware, Vigor2765vac_firmware, Vigor2766_firmware, Vigor2766ac_firmware, Vigor2766vac_firmware, Vigor2832_firmware, Vigor2862_firmware, Vigor2862ac_firmware, Vigor2862b_firmware, Vigor2862bn_firmware, Vigor2862l_firmware, Vigor2862lac_firmware, Vigor2862ln_firmware, Vigor2862n_firmware, Vigor2862vac_firmware, Vigor2865_firmware, Vigor2865ac_firmware, Vigor2865ax_firmware, Vigor2865l_firmware, Vigor2865lac_firmware, Vigor2865vac_firmware, Vigor2866_firmware, Vigor2866ac_firmware, Vigor2866ax_firmware, Vigor2866l_firmware, Vigor2866lac_firmware, Vigor2866vac_firmware, Vigor2915_firmware, Vigor2915ac_firmware, Vigor2926_firmware, Vigor2926ac_firmware, Vigor2926l_firmware, Vigor2926lac_firmware, Vigor2926ln_firmware, Vigor2926n_firmware, Vigor2926vac_firmware, Vigor2927_firmware, Vigor2927ac_firmware, Vigor2927ax_firmware, Vigor2927l_firmware, Vigor2927lac_firmware, Vigor2927vac_firmware, Vigor2952_firmware, Vigor2952p_firmware, Vigor2962_firmware, Vigor2962p_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigorlte_200n_firmware	9.8