Vulnerabilities (CVE)

Filtered by vendor Draytek Subscribe
Filtered by product Vigor2926 Firmware
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41593 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2024-10-08 N/A 9.8 CRITICAL
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
CVE-2024-41591 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2024-10-08 N/A 6.1 MEDIUM
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
CVE-2024-41587 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2024-10-08 N/A 5.4 MEDIUM
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
CVE-2024-41594 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2024-10-08 N/A 7.5 HIGH
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
CVE-2022-32548 1 Draytek 136 Vigor1000b, Vigor1000b Firmware, Vigor165 and 133 more 2024-02-28 N/A 9.8 CRITICAL
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.