Vigor3220_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Vigor3220_firmware
(Draytek)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	5

Date	Id	Summary	Products	Score	Patch	Annotated
2024-10-03	CVE-2024-41593	DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	9.8
2024-10-03	CVE-2024-41587	Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	5.4
2024-10-03	CVE-2024-41591	DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	6.1
2024-10-03	CVE-2024-41594	An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	7.5
2022-08-29	CVE-2022-32548	An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2133ac_firmware, Vigor2133fvac_firmware, Vigor2133n_firmware, Vigor2133vac_firmware, Vigor2135_firmware, Vigor2135ac_firmware, Vigor2135fvac_firmware, Vigor2135vac_firmware, Vigor2620l_firmware, Vigor2620ln_firmware, Vigor2762_firmware, Vigor2762ac_firmware, Vigor2762n_firmware, Vigor2762vac_firmware, Vigor2765_firmware, Vigor2765ac_firmware, Vigor2765vac_firmware, Vigor2766_firmware, Vigor2766ac_firmware, Vigor2766vac_firmware, Vigor2832_firmware, Vigor2862_firmware, Vigor2862ac_firmware, Vigor2862b_firmware, Vigor2862bn_firmware, Vigor2862l_firmware, Vigor2862lac_firmware, Vigor2862ln_firmware, Vigor2862n_firmware, Vigor2862vac_firmware, Vigor2865_firmware, Vigor2865ac_firmware, Vigor2865ax_firmware, Vigor2865l_firmware, Vigor2865lac_firmware, Vigor2865vac_firmware, Vigor2866_firmware, Vigor2866ac_firmware, Vigor2866ax_firmware, Vigor2866l_firmware, Vigor2866lac_firmware, Vigor2866vac_firmware, Vigor2915_firmware, Vigor2915ac_firmware, Vigor2926_firmware, Vigor2926ac_firmware, Vigor2926l_firmware, Vigor2926lac_firmware, Vigor2926ln_firmware, Vigor2926n_firmware, Vigor2926vac_firmware, Vigor2927_firmware, Vigor2927ac_firmware, Vigor2927ax_firmware, Vigor2927l_firmware, Vigor2927lac_firmware, Vigor2927vac_firmware, Vigor2952_firmware, Vigor2952p_firmware, Vigor2962_firmware, Vigor2962p_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigorlte_200n_firmware	9.8