10 matches found
EUVD-2023-35755
Malicious code in bioql PyPI...
CVE-2023-23313
Certain Draytek products are vulnerable to Cross Site Scripting XSS via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...
CVE-2023-31447
userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...
CVE-2023-31447
userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...
Draytek Vigor2620 安全漏洞
The DrayTek Draytek Vigor2620 is a wireless router from China-based DrayTek. A security vulnerability exists in the Draytek Vigor2620 prior to version 3.9.8.4, which originates in userlogin.cgi and allows an attacker to send a crafted payload that modifies the contents of a snippet, inserts...
CVE-2023-31447
userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...
CVE-2023-31447
CVE-2023-31447 affects DrayTek Vigor2620 (before 3.9.8.4) and all Vigor2925 devices. The vulnerability resides in the web interface script user_login.cgi , where a crafted payload can modify a code segment, insert shellcode, and execute arbitrary code on the device. Public sources confirm the imp...
CVE-2023-31447
userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...
Cross site scripting
Certain Draytek products are vulnerable to Cross Site Scripting XSS via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...
CVE-2023-23313
CVE-2023-23313 affects DrayTek Vigor routers via XSS in the wlogin.cgi and user_login.cgi web portal scripts. Affected models span multiple series and firmware versions (e.g., Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865/2866 v4.4.1.0; Vigor2927 v4.4.2.2; Vigor2915, Vigor2765/2766/2135 v4...