Vigor2763 Firmware Security Vulnerabilities and Issues — Vigor2763 Firmware CVE List

Lucene search

DraytekVigor2763 Firmware

11 matches found

CVE•added 2025/02/27 9:15 p.m.•204 views

CVE-2024-51138

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor391...

9.8CVSS7.7AI score0.00591EPSS

CVE•added 2025/02/27 9:15 p.m.•198 views

CVE-2024-51139

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 ...

9.8CVSS7.6AI score0.00344EPSS

CVE•added 2023/03/03 10:15 p.m.•112 views

CVE-2023-23313

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, V...

6.1CVSS6AI score0.00154EPSS

CVE•added 2024/10/03 7:15 p.m.•75 views

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.

8CVSS7AI score0.01127EPSS

CVE•added 2024/10/03 7:15 p.m.•52 views

CVE-2024-41594

An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.

7.5CVSS6.1AI score0.00067EPSS

CVE•added 2024/10/03 7:15 p.m.•47 views

CVE-2024-41593

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.

9.8CVSS7.8AI score0.02171EPSS

CVE•added 2024/10/03 7:15 p.m.•47 views

CVE-2024-41596

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.

8CVSS7AI score0.00066EPSS

CVE•added 2024/10/03 7:15 p.m.•46 views

CVE-2024-41588

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.

8CVSS6.8AI score0.00068EPSS

CVE•added 2024/10/03 7:15 p.m.•44 views

CVE-2024-41591

DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.

6.1CVSS6.9AI score0.00124EPSS

CVE•added 2024/10/03 7:15 p.m.•43 views

CVE-2024-41587

Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.

5.4CVSS6.4AI score0.00069EPSS

CVE•added 2024/10/03 7:15 p.m.•42 views

CVE-2024-41590

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.

8CVSS6.7AI score0.00078EPSS