Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
draytek vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2023-1009
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option...
Draytek Vigor2960 Firmware 1.5.1.4
8.8
CVSSv3
CVE-2023-1162
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password le...
Draytek Vigor 2960 Firmware 1.5.1.4
8.8
CVSSv3
CVE-2017-11649
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote malicious users to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setS...
Draytek Vigorap 910c Firmware 1.2.0
7.8
CVSSv3
CVE-2023-24229
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supporte...
Draytek Vigor2960 Firmware 1.5.1.4
6.5
CVSSv3
CVE-2023-1163
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation o...
Draytek Vigor 2960 Firmware 1.5.1.4
6.1
CVSSv3
CVE-2019-16533
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
Draytek Vigor2925 Firmware 3.8.4.3
6.1
CVSSv3
CVE-2019-16534
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
Draytek Vigor2925 Firmware 3.8.4.3
6.1
CVSSv3
CVE-2017-11650
Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote malicious users to inject arbitrary web script or HTML via vectors involving home.asp.
Draytek Vigorap 910c Firmware 1.2.0
6.5
CVSSv3
CVE-2018-20872
DrayTek routers prior to 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.
I-lan Draytekl Firmware
NA
CVE-2024-23721
A Directory Traversal issue exists in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4