2024-10-03
|
CVE-2024-41593
|
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
|
Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware
|
9.8
|
|
|
2024-10-03
|
CVE-2024-41587
|
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
|
Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware
|
5.4
|
|
|
2024-10-03
|
CVE-2024-41591
|
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
|
Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware
|
6.1
|
|
|
2024-10-03
|
CVE-2024-41594
|
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
|
Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware
|
7.5
|
|
|
2023-03-03
|
CVE-2023-23313
|
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.
|
Vigor130_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2133ac_firmware, Vigor2133fvac_firmware, Vigor2133n_firmware, Vigor2133vac_firmware, Vigor2135_firmware, Vigor2135ac_firmware, Vigor2135ax_firmware, Vigor2135fvac_firmware, Vigor2135vac_firmware, Vigor2762_firmware, Vigor2762ac_firmware, Vigor2762n_firmware, Vigor2762vac_firmware, Vigor2763_firmware, Vigor2763ac_firmware, Vigor2765_firmware, Vigor2765ac_firmware, Vigor2765ax_firmware, Vigor2765va_firmware, Vigor2766_firmware, Vigor2766ac_firmware, Vigor2766ax_firmware, Vigor2766vac_firmware, Vigor2832_firmware, Vigor2832n_firmware, Vigor2860_firmware, Vigor2860ac_firmware, Vigor2860l_firmware, Vigor2860ln_firmware, Vigor2860n\-Plus_firmware, Vigor2860n_firmware, Vigor2860vac_firmware, Vigor2860vn\-Plus_firmware, Vigornic_132_firmware, Virgor1000b_firmware, Virgor2862_firmware, Virgor2862ac_firmware, Virgor2862b_firmware, Virgor2862bn_firmware, Virgor2862l_firmware, Virgor2862lac_firmware, Virgor2862ln_firmware, Virgor2862n_firmware, Virgor2862vac_firmware, Virgor2865_firmware, Virgor2865ac_firmware, Virgor2865ax_firmware, Virgor2865l_firmware, Virgor2865lac_firmware, Virgor2865vac_firmware, Virgor2866_firmware, Virgor2866ac_firmware, Virgor2866ax_firmware, Virgor2866l_firmware, Virgor2866lac_firmware, Virgor2866vac_firmware, Virgor2915_firmware, Virgor2915ac_firmware, Virgor2925_firmware, Virgor2925ac_firmware, Virgor2925fn_firmware, Virgor2925l_firmware, Virgor2925ln_firmware, Virgor2925n\-Plus_firmware, Virgor2925n_firmware, Virgor2925vac_firmware, Virgor2925vn\-Plus_firmware, Virgor2926_firmware, Virgor2926ac_firmware, Virgor2926l_firmware, Virgor2926lac_firmware, Virgor2926ln_firmware, Virgor2926n_firmware, Virgor2926vac_firmware, Virgor2927_firmware, Virgor2927ac_firmware, Virgor2927ax_firmware, Virgor2927f_firmware, Virgor2927l_firmware, Virgor2927lac_firmware, Virgor2927vac_firmware, Virgor2952_firmware, Virgor2952p_firmware, Virgor2962_firmware, Virgor2962p_firmware, Virgor3220_firmware, Virgor3910_firmware
|
6.1
|
|
|