Vigor2960 Firmware@* Security Vulnerabilities and Issues — Vigor2960 Firmware@* CVE List

Lucene search

DraytekVigor2960 Firmware*

14 matches found

CVE•added 2020/06/30 2:15 p.m.•168 views

CVE-2020-15415

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.

9.8CVSS9.5AI score0.92854EPSS

CVE•added 2020/03/26 5:15 p.m.•163 views

CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.

9.8CVSS9.8AI score0.22823EPSS

CVE•added 2020/03/26 5:15 p.m.•161 views

CVE-2020-10826

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.

10CVSS9.6AI score0.61528EPSS

CVE•added 2020/03/26 5:15 p.m.•157 views

CVE-2020-10827

A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.

9.8CVSS9.8AI score0.22823EPSS

CVE•added 2020/06/24 5:15 p.m.•128 views

CVE-2020-14472

On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.

9.8CVSS9.5AI score0.01062EPSS

CVE•added 2020/12/31 2:15 a.m.•79 views

CVE-2020-19664

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.

8.8CVSS8.7AI score0.09448EPSS

CVE•added 2022/03/29 8:15 p.m.•57 views

CVE-2021-42911

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B

9.8CVSS9.4AI score0.12542EPSS

CVE•added 2020/03/26 5:15 p.m.•53 views

CVE-2020-10824

A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).

9.8CVSS9.8AI score0.05519EPSS

CVE•added 2024/12/27 4:15 p.m.•53 views

CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session lea...

9.8CVSS7.7AI score0.3821EPSS

CVE•added 2020/03/26 5:15 p.m.•52 views

CVE-2020-10825

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).

9.8CVSS9.8AI score0.05519EPSS

CVE•added 2024/08/21 4:15 p.m.•51 views

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.

8CVSS8.1AI score0.02192EPSS

CVE•added 2020/03/26 5:15 p.m.•50 views

CVE-2020-10823

A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).

9.8CVSS9.8AI score0.05519EPSS

CVE•added 2020/06/24 5:15 p.m.•40 views

CVE-2020-14473

Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.

9.8CVSS9.7AI score0.00891EPSS

CVE•added 2020/06/23 12:15 p.m.•31 views

CVE-2020-14993

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.

9.8CVSS9.9AI score0.06605EPSS