Lucene search
K

20 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/15 12:0 a.m.8 views

The vulnerability of the APP Enforcement module of the DrayTek Vigor router software allows a violator to execute arbitrary code.

The vulnerability of the APP Enforcement APPE module of DrayTek Vigor router software is related to errors in the SSL certificate validation process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.4AI score0.0036EPSS
Exploits0References4Affected Software33
BDU FSTEC
BDU FSTEC
added 2025/03/11 12:0 a.m.9 views

The vulnerability in the signature loading function of the APPE Signature Upgrade module of the DrayTek Vigor router microsoftware allows a violator to execute arbitrary code.

The vulnerability of the signature loading function in the APPE Signature Upgrade microprogramming software for DrayTek Vigor routers allows for unlimited loading of malicious files. Exploiting this vulnerability can enable a hacker to execute arbitrary code...

8.4CVSS8.3AI score0.00212EPSS
Exploits0References4Affected Software20
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.8 views

The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software lies in the issue of buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code during the processing of the formuserphonenumber parameter...

10CVSS8.5AI score0.05328EPSS
Exploits1References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.5 views

The vulnerability of the chglog.cgi web interface of the DrayTek Vigor router software allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the chglog.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the CGIbyFieldName parameter. Exploiting this vulnerability allows an attacker to trigger a Denial-of-Service attack from a remote location...

7.8CVSS5.8AI score0.00523EPSS
Exploits0References3Affected Software10
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.8 views

The vulnerability in the mainfunction.cgi web interface of the DrayTek Vigor router software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgi web interface of the DrayTek Vigor router software exists due to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows an attacker to execute arbitrary commands during the processing of parameters...

7.8CVSS7.5AI score0.06717EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.7 views

The vulnerability of the sub_1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software allows a hacker to gain unauthorized access to confidential system files.

The vulnerability of the sub1DF14 function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...

6.8CVSS6.3AI score0.15687EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.6 views

The vulnerability of the `ldap_search_dn` function in the `mainfunction.cgi` script of the DrayTek Vigor router’s web interface allows a hacker to execute arbitrary commands.

The vulnerability of the ldapsearchdn function in the mainfunction.cg script of the DrayTek Vigor router’s web interface is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS5.9AI score0.00597EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.8 views

The vulnerability of the vpn.cgi web interface script of the DrayTek Vigor router software allows a hacker to trigger a service failure.

The vulnerability of the vpn.cgi web interface of the DrayTek Vigor router operating system is related to buffer overflow during the processing of the sPeerId parameter. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

7.8CVSS5.9AI score0.00424EPSS
Exploits0References3Affected Software16
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.23 views

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the sAppName parameter. Exploiting this vulnerability allows an attacker to trigger a Denial-of-Service Attack DoS from a remote location...

7.8CVSS5.8AI score0.00523EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.6 views

The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the saveVPNProfile parameter. Exploiting this vulnerability allows a malicious actor to trigger a Denial-of-Service attack from a remote location...

7.8CVSS5.8AI score0.0045EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.6 views

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software allows a hacker to inject any command they desire.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software exists due to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands remotely...

10CVSS7.9AI score0.02931EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.8 views

The vulnerability of the user_login.cgi web interface of the DrayTek Vigor router software allows a hacker to execute arbitrary code.

The vulnerability of the userlogin.cgi web interface of the DrayTek Vigor router software lies in improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.2AI score0.0086EPSS
Exploits0References4Affected Software31
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.8 views

The vulnerability of the web interface of DrayTek Vigor microprogramming software allows attackers to carry out cross-site scripting attacks.

The vulnerability of the web interface of DrayTek Vigor microprogramming software routers exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.5AI score0.0024EPSS
Exploits0References3Affected Software24
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.9 views

The vulnerability of DrayTek Vigor router microprogramming software, related to deficiencies in authentication procedures, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of DrayTek Vigor router microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information...

8.8CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software24
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.6 views

The vulnerability of the web interface of DrayTek Vigor microprogramming software-enabled routers allows a hacker to modify settings or cause service failures.

The vulnerability of the web interface of DrayTek Vigor microprogramming software lies in the writing and reading of data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to modify settings remotely or cause service failures...

8CVSS6AI score0.00342EPSS
Exploits0References3Affected Software24
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.7 views

The vulnerability of the ft_payloads_dns() function in the web interface of the DrayTek Vigor router software allows a hacker to induce a service failure.

The vulnerability of the ftpayloadsdns function in the web interface of the DrayTek Vigor router software is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS6.2AI score0.00885EPSS
Exploits0References3Affected Software24
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.7 views

The vulnerability in the /cgi-bin/ipfedr.cgi web interface of DrayTek Vigor software allows a attacker to execute arbitrary code or cause a service failure.

The vulnerability of the /cgi-bin/ipfedr.cgi web interface of the DrayTek Vigor router software lies in buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by sending a specially crafted HTTP request...

8CVSS6.6AI score0.00464EPSS
Exploits0References3Affected Software24
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.6 views

The vulnerability of DrayTek Vigor router microprogramming software, related to insufficiently secure data encryption, allows attackers to disclose protected information and perform a “Man-in-the-Middle” attack.

The vulnerability of DrayTek Vigor router microprogramming software is related to insufficiently robust data encryption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information and carry out a Middleware Incident Response Team MITM attack...

7.8CVSS5.8AI score0.00271EPSS
Exploits0References3Affected Software24
BDU FSTEC
BDU FSTEC
added 2022/08/08 12:0 a.m.9 views

The vulnerability in the /cgi-bin/wlogin.cgi web interface for managing DrayTek Vigor router software allows a hacker to execute arbitrary code.

The vulnerability in the CGI-BIN/WLOGIN.CGI web interface script of the DrayTek Vigor router software relates to the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted HTTP POST...

10CVSS8.8AI score0.33795EPSS
Exploits2References4Affected Software25
CNVD
CNVD
added 2022/03/30 12:0 a.m.27 views

DrayTek Vigor Remote Command Injection Vulnerability

DrayTek Vigor is a router. A remote command injection vulnerability exists in DrayTek Vigor, which can be exploited by attackers to allow a remote malicious user to execute arbitrary code via a crafted HTTP message containing a malformed query string in mainfunction.cgi...

9.8CVSS7.1AI score0.34845EPSS
Exploits1References1
Rows per page
Query Builder