Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vigor2960_firmware
(Draytek)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-22 | CVE-2023-6265 | ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported. | Vigor2960_firmware | 8.1 | ||
| 2020-03-26 | CVE-2020-10826 | /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. | Vigor2960_firmware, Vigor300b_firmware, Vigor3900_firmware | 9.8 | ||
| 2020-03-26 | CVE-2020-10828 | A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | Vigor2960_firmware, Vigor300b_firmware, Vigor3900_firmware | N/A | ||
| 2020-03-26 | CVE-2020-10827 | A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | Vigor2960_firmware, Vigor300b_firmware, Vigor3900_firmware | N/A | ||
| 2020-03-26 | CVE-2020-10825 | A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). | Vigor2960_firmware, Vigor300b_firmware, Vigor3900_firmware | N/A | ||
| 2020-03-26 | CVE-2020-10824 | A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). | Vigor2960_firmware, Vigor300b_firmware, Vigor3900_firmware | N/A | ||
| 2020-03-26 | CVE-2020-10823 | A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). | Vigor2960_firmware, Vigor300b_firmware, Vigor3900_firmware | N/A |