CVE-2024-41591
- EPSS 0.31%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 14.03.2025 16:15:34
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
- EPSS 0.11%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 11.06.2025 13:49:57
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
- EPSS 0.1%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 11.06.2025 13:54:06
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
CVE-2024-41587
- EPSS 0.17%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 18.03.2025 16:15:22
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
CVE-2023-23313
- EPSS 1.78%
- Veröffentlicht 03.03.2023 22:15:09
- Zuletzt bearbeitet 07.10.2025 19:00:07
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor28...
CVE-2019-16533
- EPSS 0.24%
- Veröffentlicht 20.09.2019 16:15:13
- Zuletzt bearbeitet 21.11.2024 04:30:46
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVE-2019-16534
- EPSS 0.24%
- Veröffentlicht 20.09.2019 16:15:13
- Zuletzt bearbeitet 21.11.2024 04:30:46
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.