EUVD-2018-13410

Malware in sbrugna...

DrayTek Vigor Routers 安全漏洞

DrayTek Vigor Routers is a series of wireless routers from China-based DrayTek. A security vulnerability exists in DrayTek Vigor Routers that stems from the presence of uninitialized variables in the HTTP CGI request parameter handling component, which could lead to memory corruption and remote...

CVE-2023-23313

Certain Draytek products are vulnerable to Cross Site Scripting XSS via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...

CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...

Draytek多款产品 安全漏洞

DrayTek Vigor 2620 and DrayTek Vigor 2860 are both routers from China Draytek DrayTek. A security vulnerability exists in several Draytek products that stems from the use of insecure strcmp and memcmp functions, which could lead to the disclosure of sensitive information. The following products a...

The vulnerability in the getSyslogFile function of the mainfunction.cgi web interface of the DrayTek Vigor router software allows a malicious individual to gain unauthorized access to confidential system files.

The vulnerability of the getSyslogFile function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week Double Trouble: Evil Corp&...

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code,...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2023-23313

Certain Draytek products are vulnerable to Cross Site Scripting XSS via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...

CVE-2023-23313

Certain Draytek products are vulnerable to Cross Site Scripting XSS via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...

DrayTek Routers Buffer Overflow (CVE-2022-32548)

A buffer overflow vulnerability exists in DrayTek Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers By Trellix · August 3, 2022 This story was written by Philippe Laulheret. Summary The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under...

Weak Password Vulnerability in DrayTek Series Router Login System

DrayTek Communication Technology Changshu Co., Ltd. Shanghai Branch is a wholly-owned subsidiary of Taiwan's DrayTek Technology Co., Ltd. and is formerly known as DrayTek Shanghai Office, which was established in October 2002. A weak password vulnerability exists in the login system of DrayTek...

DrayTek Vigor3900, Vigor2960 and Vigor300B Stack Buffer Overflow Vulnerability

DrayTek Vigor3900 and others are products of DrayTek Taiwan, China.DrayTek Vigor3900 is a broadband router/VPN gateway appliance.Vigor2960 is a load-balancing router and VPN gateway appliance.Vigor300B is a load-balancing router. A stack buffer overflow vulnerability exists in the DrayTek...

CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...

CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...

Cross site request forgery (csrf)

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...

CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...

VulnCheck KEV: CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...