Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

23 matches found

Nuclei
Nucleiadded 9 hours ago45 views

DrayTek Vigor - Command Injection

DrayTek Gateway devices Vigor2960, Vigor300B, etc. are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. id: CVE-2024-12987 info: name: DrayTek Vigor - Command...

9.8CVSS7.7AI score0.78989EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/01/09 9:33 a.m.6 views

CVE-2024-41339

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigo...

8.8CVSS7.3AI score0.00215EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2020-3231

Malware in sbrugna...

9.8CVSS9.3AI score0.05519EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-37930

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00306EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-5952

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00147EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEVadded 2025/08/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-14993

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi...

9.8CVSS6.6AI score0.11637EPSS
In wildExploits1References2
RedhatCVE
RedhatCVEadded 2025/03/01 12:23 a.m.7 views

CVE-2024-41338

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to...

7.5CVSS6.7AI score0.00107EPSS
Exploits0References4
OSV
OSVadded 2025/02/27 9:15 p.m.2 views

CVE-2024-51138

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier;...

9.8CVSS6.4AI score0.04647EPSS
Exploits0References2
OSV
OSVadded 2025/02/27 9:15 p.m.2 views

CVE-2024-41334

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...

8.8CVSS5.9AI score0.00147EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/02/27 12:0 a.m.7 views

CVE-2024-51138

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier;...

9.7AI score0.04647EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/02/27 12:0 a.m.6 views

CVE-2024-41334

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...

9.9AI score0.00147EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/02/27 12:0 a.m.10 views

CVE-2024-51138

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier;...

0.04647EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/02/27 12:0 a.m.11 views

CVE-2024-51139

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5....

0.0361EPSS
Exploits0References2
CVE
CVEadded 2025/02/27 12:0 a.m.221 views

CVE-2024-51138

CVE-2024-51138 affects DrayTek Vigor series (e.g., Vigor165/166, Vigor2620/LTE200, Vigor2860/2925, Vigor2862/2926, Vigor2133/2762/2832, Vigor2135/2765/2766, Vigor2865/2866/2927, Vigor2962, Vigor3912, Vigor3910). The vulnerability is a stack-based buffer overflow in the URL parsing of the TR069 ST...

9.8CVSS7.7AI score0.04647EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2025/02/27 12:0 a.m.65 views

CVE-2024-41340

The CVE-2024-41340 issue affects multiple Draytek Vigor devices, where an attacker can upload crafted APP Enforcement modules, leading to arbitrary code execution. Affected models and minimum patched versions include: Vigor 165/166 before 4.2.6 (update to 4.2.6+), Vigor 2620/LTE200 before 3.9.8.8...

8.4CVSS7.4AI score0.00049EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2024/12/27 4:15 p.m.1 views

CVE-2024-12987

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

9.8CVSS5.5AI score0.78989EPSS
Exploits1References8
GithubExploit
GithubExploitadded 2023/10/27 8:58 a.m.1744 views

Exploit for Classic Buffer Overflow in Draytek Vigor3910_Firmware

CVE-2022-32548-RCE-POC DrayTek unauthenticated remote code exe...

10CVSS10AI score0.65569EPSS
Exploits2
ATTACKERKB
ATTACKERKBadded 2023/08/21 5:15 p.m.2 views

CVE-2023-31447

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

9.8CVSS7.7AI score0.00609EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEVadded 2022/01/12 12:0 a.m.1 views

VulnCheck KEV: CVE-2020-10827

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...

9.8CVSS8.1AI score0.13418EPSS
Exploits1References1
OSV
OSVadded 2020/06/23 12:15 p.m.1 views

CVE-2020-14993

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi...

9.8CVSS8AI score
Exploits0References3
Rows per page
Query Builder