Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16534 | 1 Draytek | 8 Vigor2925 Firmware, Vigor2925ac, Vigor2925fn and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. | |||||
CVE-2019-16533 | 1 Draytek | 8 Vigor2925 Firmware, Vigor2925ac, Vigor2925fn and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. | |||||
CVE-2024-41593 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2024-10-08 | N/A | 9.8 CRITICAL |
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | |||||
CVE-2024-41591 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2024-10-08 | N/A | 6.1 MEDIUM |
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | |||||
CVE-2024-41587 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2024-10-08 | N/A | 5.4 MEDIUM |
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | |||||
CVE-2024-41594 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2024-10-08 | N/A | 7.5 HIGH |
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. |