Vigor1000b Firmware Security Vulnerabilities and Issues — Vigor1000b Firmware CVE List

Lucene search

DraytekVigor1000b Firmware

12 matches found

CVE•added 2022/08/29 6:15 a.m.•349 views

CVE-2022-32548

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.

10CVSS9.6AI score0.63115EPSS

CVE•added 2025/02/27 9:15 p.m.•204 views

CVE-2024-51138

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor391...

9.8CVSS7.7AI score0.00591EPSS

CVE•added 2025/02/27 9:15 p.m.•198 views

CVE-2024-51139

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 ...

9.8CVSS7.6AI score0.00344EPSS

CVE•added 2023/06/01 4:15 a.m.•75 views

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own...

9.8CVSS9.4AI score0.00104EPSS

CVE•added 2024/10/03 7:15 p.m.•75 views

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.

8CVSS7AI score0.01127EPSS

CVE•added 2024/10/03 7:15 p.m.•52 views

CVE-2024-41594

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.

7.5CVSS6.1AI score0.00067EPSS

CVE•added 2024/10/03 7:15 p.m.•47 views

CVE-2024-41593

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.

9.8CVSS7.8AI score0.02171EPSS

CVE•added 2024/10/03 7:15 p.m.•47 views

CVE-2024-41596

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.

8CVSS7AI score0.00066EPSS

CVE•added 2024/10/03 7:15 p.m.•46 views

CVE-2024-41588

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.

8CVSS6.8AI score0.00068EPSS

CVE•added 2024/10/03 7:15 p.m.•44 views

CVE-2024-41591

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.

6.1CVSS6.9AI score0.00124EPSS

CVE•added 2024/10/03 7:15 p.m.•43 views

CVE-2024-41587

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.

5.4CVSS6.4AI score0.00069EPSS

CVE•added 2024/10/03 7:15 p.m.•42 views

CVE-2024-41590

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.

8CVSS6.7AI score0.00078EPSS