- EPSS 2.03%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 03.06.2025 13:52:04
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
CVE-2024-41593
- EPSS 7.69%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 13.03.2025 19:15:47
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Ove...
CVE-2024-41594
- EPSS 0.07%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 19.03.2025 16:15:26
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
- EPSS 0.06%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 11.06.2025 13:40:06
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
CVE-2023-31447
- EPSS 0.18%
- Veröffentlicht 21.08.2023 17:15:46
- Zuletzt bearbeitet 21.11.2024 08:01:52
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.