Lucene search
K

1281 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.12 views

CVE-2023-31447

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

9.8CVSS7.6AI score0.0086EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.8 views

CVE-2020-10824

A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 2 of 3...

9.8CVSS8.1AI score0.03983EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.6 views

CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...

10CVSS7.6AI score0.39389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.10 views

CVE-2020-10827

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...

9.8CVSS9.8AI score0.20881EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.6 views

CVE-2020-10823

A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 1 of 3...

9.8CVSS8.1AI score0.04317EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.6 views

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...

8CVSS7.5AI score0.01397EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.9 views

CVE-2024-41583

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting XSS by authenticated users due to poor sanitization of the router name...

4.7CVSS5.8AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.9 views

CVE-2024-41336

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...

7.5CVSS7.2AI score0.00408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.10 views

CVE-2024-41587

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6...

5.4CVSS6.7AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.10 views

CVE-2024-41596

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 in the Vigor management UI because of improper retrieval and handling of the CGI form parameters...

8CVSS7.4AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.9 views

CVE-2024-41584

DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter...

4.7CVSS6.1AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.12 views

CVE-2024-41593

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ftpayloaddns, because a byte sign-extension operation occurs for the length argument of a memcpy call, leading to a heap-based Buffer Overflow...

9.8CVSS8.2AI score0.00885EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.11 views

CVE-2024-41588

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function...

8CVSS7.1AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.13 views

CVE-2024-41591

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS...

6.1CVSS7.2AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.8 views

CVE-2019-16533

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product...

6.1CVSS7.1AI score0.00802EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-3229

Malware in sbrugna...

9.8CVSS9.3AI score0.04317EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-3231

Malware in sbrugna...

9.8CVSS9.3AI score0.03983EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7123

Malware in sbrugna...

9.8CVSS9.3AI score0.05328EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7207

Malware in sbrugna...

6.1CVSS6.3AI score0.00802EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-11567

Malware in sbrugna...

8.8CVSS8.6AI score0.05306EPSS
Exploits1References5
Rows per page
Query Builder