CVE-2024-41594
- EPSS 0.07%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 19.03.2025 16:15:26
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
- EPSS 0.06%
- Veröffentlicht 03.10.2024 19:15:04
- Zuletzt bearbeitet 11.06.2025 13:40:06
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
CVE-2023-33778
- EPSS 0.25%
- Veröffentlicht 01.06.2023 04:15:10
- Zuletzt bearbeitet 09.01.2025 18:15:26
Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows a...
CVE-2023-23313
- EPSS 1.78%
- Veröffentlicht 03.03.2023 22:15:09
- Zuletzt bearbeitet 07.10.2025 19:00:07
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor28...
CVE-2022-32548
- EPSS 70.53%
- Veröffentlicht 29.08.2022 06:15:09
- Zuletzt bearbeitet 21.11.2024 07:06:36
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.