Lucene search
+L

19 matches found

CERT
CERT
added 2025/10/03 12:0 a.m.7 views

Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface

Overview A remote code execution RCE vulnerability was discovered through the EasyVPN and LAN web administration interface of Vigor routers by Drayteck. A script in the LAN web administration interface uses an unitialized variable, allowing an attacker to inject arbitrary commands through memory...

9.8CVSS6.9AI score0.00574EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.10 views

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

9.8CVSS7.3AI score0.00599EPSS
Exploits1References1
CISA
CISA
added 2025/05/15 12:0 p.m.30 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Updated June 5, 2025 CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA learned that CVE-2025-4664 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of action is to...

9.8CVSS7.7AI score0.98084EPSS
Exploits6References8
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/15 12:0 a.m.303 views

DrayTek Vigor Routers OS Command Injection Vulnerability

DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface...

9.8CVSS7.8AI score0.98084EPSS
In wildExploits1
VulnCheck KEV
VulnCheck KEV
added 2025/02/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-12987

DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface...

9.8CVSS7.2AI score0.98084EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.7 views

The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software exists due to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS8.1AI score0.34845EPSS
Exploits1References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.7 views

The vulnerability of the web interface of Draytek Vigor routers, Draytek Vigor access points, Draytek Vigor switches, and the cloud platform Draytek Vigor Myvigor arises from the use of rigidly encrypted credentials. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the web interface of Draytek Vigor routers, Draytek Vigor access points, Draytek Vigor switches, and the cloud platform Draytek Vigor Myvigor is related to the use of rigidly encrypted login credentials. Exploiting this vulnerability allows a malicious actor to compromise the...

10CVSS7.7AI score0.00599EPSS
Exploits1References2Affected Software72
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.7 views

The vulnerability in the inetipv6.cgi web interface of the DrayTek Vigor router software allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the overflow of buffers on the stack during the processing of the sIpv6AiccuUser parameter. Exploiting this vulnerability allows a remote attacker to trigger a Denial-of-Service attack...

7.8CVSS5.6AI score0.0045EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/19 12:0 a.m.6 views

The vulnerability of the doOpenVPN() function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers allows a hacker to execute arbitrary commands.

The vulnerability of the doOpenVPN function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers is related to the failure to eliminate the and & elements used in the operating system’s command when processing the action parameter. Exploiting this...

8CVSS5.9AI score0.02081EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/11/19 12:0 a.m.5 views

The vulnerability of the set_ap_map_config() function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setapmapconfig function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers relates to the failure to eliminate the and & elements used in the operating system’s command when processing the action parameter. Exploiting this...

8CVSS5.9AI score0.02081EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2023/06/01 4:15 a.m.30 views

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

9.8CVSS9.6AI score0.00599EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.5 views

Draytek Vigor Routers 信任管理问题漏洞

DrayTek Vigor routers are a series of routers from DrayTek Taiwan. A security vulnerability exists in Draytek Vigor Routers firmware versions prior to 3.9.6/4.2.4, Access Points firmware versions prior to v1.4.0, Switches firmware versions prior to 2.6.7, Myvigor firmware versions prior to 2.3.2 ...

9.8CVSS8.4AI score0.00599EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.10 views

PT-2023-9803 · Draytek · Draytek Vigor Switches +3

Name of the Vulnerable Software and Affected Versions: Draytek Vigor Routers versions below 3.9.6/4.2.4 Draytek Vigor Access Points versions below v1.4.0 Draytek Vigor Switches versions below 2.6.7 Draytek Vigor Myvigor versions below 2.3.2 Description: The issue is related to the use of hardcode...

9.8CVSS6.9AI score0.00599EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/03/03 12:0 a.m.4 views

DrayTek Vigor routers 跨站脚本漏洞

DrayTek Vigor routers are a series of routers from Taiwan-based DrayTek. A security vulnerability exists in DrayTek Vigor routers, which stems from a cross-site scripting XSS vulnerability...

6.1CVSS5.9AI score0.00357EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/02/17 9:25 a.m.3 views

New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different...

7.5CVSS8AI score0.70252EPSS
Exploits2
Microsoft Secure
Microsoft Secure
added 2022/10/21 4:0 p.m.60 views

Securing IoT devices against attacks that target critical infrastructure

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today. According to South...

10CVSS0.5AI score0.99993EPSS
Exploits7
OSV
OSV
added 2022/08/29 6:15 a.m.4 views

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field...

9.8CVSS6.1AI score0.33795EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.24 views

DrayTek Vigor routers 安全漏洞

DrayTek Vigor routers are a series of routers from Taiwan-based DrayTek. A security vulnerability exists in DrayTek Vigor routers, which stems from a buffer overflow in its /cgi-bin/wlogin.cgi component leading to an attacker being able to pass a username or password to the aa or ab field. The...

10CVSS7.3AI score0.33795EPSS
Exploits2References3
NCSC
NCSC
added 2022/08/04 12:0 a.m.17 views

Vulnerability fixed in DrayTek Vigor routers

Researchers from security firm Trellix have found a vulnerability found in DrayTek Vigor routers. A unauthenticated malicious person with network access to the management interface could exploit the vulnerability to execute arbitrary code. This allows the malicious party to gain control of the...

10CVSS6.9AI score0.33795EPSS
Exploits2
Rows per page
Query Builder