|
|
Search Results
There are 125 CVE Records that match your search.
| Name | Description |
|---|---|
| CVE-2024-51304 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldap_search_dn function. |
| CVE-2024-51301 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the packet_monitor function. |
| CVE-2024-51300 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_rrd function. |
| CVE-2024-51299 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function. |
| CVE-2024-51298 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. |
| CVE-2024-51296 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the pingtrace function. |
| CVE-2024-51260 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. |
| CVE-2024-51259 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. |
| CVE-2024-51258 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function. |
| CVE-2024-51257 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function. |
| CVE-2024-51255 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. |
| CVE-2024-51254 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. |
| CVE-2024-51253 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. |
| CVE-2024-51252 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. |
| CVE-2024-51251 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. |
| CVE-2024-51249 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. |
| CVE-2024-51248 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. |
| CVE-2024-51247 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. |
| CVE-2024-51246 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. |
| CVE-2024-51245 | In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. |
| CVE-2024-51244 | In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. |
| CVE-2024-48153 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. |
| CVE-2024-48074 | An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function. |
| CVE-2024-46598 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46597 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46596 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46595 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46594 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46593 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46592 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46591 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46590 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46589 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46588 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46586 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46585 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46584 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46583 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46582 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46581 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46580 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46571 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46568 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46567 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46566 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46565 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46564 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46561 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46560 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46559 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46558 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46557 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46556 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46555 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46554 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46553 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46552 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46551 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46550 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| CVE-2024-46316 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. |
| CVE-2024-45893 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption.` |
| CVE-2024-45891 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile.` |
| CVE-2024-45890 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.` |
| CVE-2024-45889 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable.` |
| CVE-2024-45888 | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config.' |
| CVE-2024-45887 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.` |
| CVE-2024-45885 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear.` |
| CVE-2024-45884 | DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.` |
| CVE-2024-45882 | DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_map_profile.` |
| CVE-2024-44845 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. |
| CVE-2024-44844 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. |
| CVE-2024-43027 | DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi. |
| CVE-2024-41596 | Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. |
| CVE-2024-41595 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. |
| CVE-2024-41594 | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. |
| CVE-2024-41593 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. |
| CVE-2024-41592 | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. |
| CVE-2024-41591 | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. |
| CVE-2024-41590 | Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. |
| CVE-2024-41589 | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. |
| CVE-2024-41588 | The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. |
| CVE-2024-41587 | Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. |
| CVE-2024-41586 | A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. |
| CVE-2024-41585 | DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. |
| CVE-2024-41584 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. |
| CVE-2024-41583 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. |
| CVE-2024-23721 | A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information. |
| CVE-2023-6265 | ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported. |
| CVE-2023-47254 | An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. |
| CVE-2023-33778 | Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website. |
| CVE-2023-31447 | user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. |
| CVE-2023-24229 | ** UNSUPPORTED WHEN ASSIGNED ** DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2023-23313 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. |
| CVE-2023-1163 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2023-1162 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2023-1009 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2022-32548 | An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. |
| CVE-2021-43118 | A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. |
| CVE-2021-42911 | A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. |
| CVE-2021-20129 | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. |
| CVE-2021-20128 | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. |
| CVE-2021-20127 | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges. |
| CVE-2021-20126 | Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |
| CVE-2021-20125 | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. |
| CVE-2021-20124 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. |
| CVE-2021-20123 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. |
| CVE-2020-8515 | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. |
| CVE-2020-3932 | A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. |
| CVE-2020-28968 | Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field. |
| CVE-2020-19664 | DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. |
| CVE-2020-15415 | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. |
| CVE-2020-14993 | A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. |
| CVE-2020-14472 | On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. |
| CVE-2020-10828 | A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. |
| CVE-2020-10827 | A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. |
| CVE-2020-10826 | /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. |
| CVE-2020-10825 | A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). |
| CVE-2020-10824 | A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). |
| CVE-2020-10823 | A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). |
| CVE-2019-16534 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. |
| CVE-2019-16533 | On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. |
| CVE-2018-20872 | DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649. |
| CVE-2017-11650 | Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. |
| CVE-2017-11649 | Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp. |
| CVE-2013-5703 | The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. |
|
You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select “Other” from dropdown)
|
||
