Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
draytek vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
Draytek Vigor2960 Firmware
1 Github repository
5
CVSSv2
CVE-2020-3932
A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.
Draytek Vigorap 910c Firmware 1.3.1
6.8
CVSSv2
CVE-2017-11649
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote malicious users to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setS...
Draytek Vigorap 910c Firmware 1.2.0
NA
CVE-2023-47254
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote malicious users to execute arbitrary system commands and escalate privileges via any account created within the web interface.
Draytek Vigor167 Firmware 5.2.2
NA
CVE-2023-24229
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supporte...
Draytek Vigor2960 Firmware 1.5.1.4
NA
CVE-2023-1162
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password le...
Draytek Vigor 2960 Firmware 1.5.1.4
NA
CVE-2023-1163
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation o...
Draytek Vigor 2960 Firmware 1.5.1.4
5
CVSSv2
CVE-2021-20129
An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated malicious user to export system logs.
Draytek Vigorconnect 1.6.0
4.3
CVSSv2
CVE-2019-16533
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
Draytek Vigor2925 Firmware 3.8.4.3
4.3
CVSSv2
CVE-2019-16534
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
Draytek Vigor2925 Firmware 3.8.4.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »