Filtered by vendor Draytek
Subscriptions
Total
124 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41596 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-04 | 8 High |
| Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | ||||
| CVE-2024-41583 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-04 | 4.7 Medium |
| DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. | ||||
| CVE-2024-41584 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-04 | 4.7 Medium |
| DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. | ||||
| CVE-2024-41586 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-04 | 8 High |
| A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. | ||||
| CVE-2024-41592 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-04 | 8 High |
| DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | ||||
| CVE-2024-41595 | 1 Draytek | 1 Vigor3910 Firmware | 2024-10-04 | 8 High |
| DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. | ||||
| CVE-2024-46550 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46580 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46571 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46568 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46567 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46566 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46565 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46564 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46561 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46560 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46559 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46558 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46557 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-46556 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2024-09-24 | 7.5 High |
| Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||