Lucene search
K
DraytekVigor2763 Firmware

11 matches found

CVE
CVE
added 2025/02/27 12:0 a.m.244 views

CVE-2024-51139

The CVE-2024-51139 entry describes a Buffer Overflow in DrayTek/Vigor devices where the CGI parser mishandles the Content-Length header of HTTP POST requests, enabling potential remote arbitrary-code execution. Affected devices and versions include Vigor2620/LTE200 up to 3.9.8.9 and earlier, Vigo...

9.8CVSS7.6AI score0.00945EPSS
CVE
CVE
added 2025/02/27 12:0 a.m.238 views

CVE-2024-51138

CVE-2024-51138 affects DrayTek Vigor series (e.g., Vigor165/166, Vigor2620/LTE200, Vigor2860/2925, Vigor2862/2926, Vigor2133/2762/2832, Vigor2135/2765/2766, Vigor2865/2866/2927, Vigor2962, Vigor3912, Vigor3910). The vulnerability is a stack-based buffer overflow in the URL parsing of the TR069 ST...

9.8CVSS7.7AI score0.00999EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.134 views

CVE-2023-23313

CVE-2023-23313 affects DrayTek Vigor routers via XSS in the wlogin.cgi and user_login.cgi web portal scripts. Affected models span multiple series and firmware versions (e.g., Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865/2866 v4.4.1.0; Vigor2927 v4.4.2.2; Vigor2915, Vigor2765/2766/2135 v4...

6.1CVSS6AI score0.00357EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.95 views

CVE-2024-41592

CVE-2024-41592 affects DrayTek Vigor3910 devices up to 4.3.2.6. The issue is a stack-based overflow in the GetCGI function when processing query string parameters (extraneous ampersands and long key–value pairs). Exploitation could lead to arbitrary code execution or DoS as described in multiple ...

8CVSS7AI score0.01397EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.74 views

CVE-2024-41593

CVE-2024-41593 affects DrayTek Vigor310 devices up to version 4.3.2.6. The vulnerability is a heap-based buffer overflow in the web interface function ft_payload_dns due to a byte sign-extension in the length argument of a memcpy call, enabling remote code execution. Connected sources confirm the...

9.8CVSS7.8AI score0.00885EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.71 views

CVE-2024-41594

DrayTek Vigor310 devices up to version 4.3.2.6 are affected by CVE-2024-41594 due to the httpd server seeding the OpenSSL PRNG with a static string. This enables an information-disclosure vector (and related MITM risk) via the Vigor310 management UI. Connected sources provide concrete details: af...

7.5CVSS6.1AI score0.00271EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.65 views

CVE-2024-41590

CVE-2024-41590 affects DrayTek Vigor310 routers, where the web UI CGI endpoints expose a buffer overflow via missing bounds checks on POST parameters passed to strcpy. Affected firmware includes versions up to 4.3.2.6, and exploitation requires authenticated access. The Red Hat/NCSC/PT-Security e...

8CVSS6.7AI score0.00329EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.65 views

CVE-2024-41591

CVE-2024-41591 affects DrayTek Vigor3910 devices (firmware up to 4.3.2.6) with an unauthenticated DOM-based reflected XSS in the Web UI. Root cause: insufficient protection for the web page structure in the router’s firmware, enabling manipulation of the DOM by crafted input. Impact: cross-site s...

6.1CVSS6.9AI score0.00256EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.64 views

CVE-2024-41587

CVE-2024-41587 affects DrayTek Vigor310 devices (through firmware 4.3.2.6) with a stored XSS in the login page greeting introduced by poor sanitization. Authenticated users can inject script via the Greeting message, with impact limited to the affected web UI context (confidentiality/integrity im...

5.4CVSS6.4AI score0.0024EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.64 views

CVE-2024-41596

CVE-2024-41596 affects DrayTek Vigor310 devices (versions up to 4.3.2.6). The vulnerability is a buffer overflow in the web UI caused by improper retrieval/handling of CGI form parameters, enabling a remote attacker to potentially execute arbitrary code or cause a denial of service via crafted re...

8CVSS7AI score0.00328EPSS
CVE
CVE
added 2024/10/03 12:0 a.m.62 views

CVE-2024-41588

Affected software: DrayTek Vigor3910 (through 4.3.2.6). Vulnerable endpoints: CGI pages /cgi-bin/v2x00.cgi and /cgi-bin/cgiwcg.cgi. Root cause: Missing bounds checking in POST parameters passed to strncpy, allowing a buffer overflow. Actors: Authenticated users. Impact (as stated): Buffer overflo...

8CVSS6.8AI score0.00328EPSS