Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vigor3900_firmware vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-42911
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user exec...
Draytek Vigor2960 Firmware
Draytek Vigor3900 Firmware
Draytek Vigor300b Firmware
668
VMScore
CVE-2020-14993
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices prior to 1.5.1.1 allows remote malicious users to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
Draytek Vigor300b Firmware
Draytek Vigor2960 Firmware
Draytek Vigor3900 Firmware
668
VMScore
CVE-2020-10824
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to 1.5.1 allows remote malicious users to achieve code execution via a remote HTTP request (issue 2 of 3).
Draytek Vigor300b Firmware
Draytek Vigor3900 Firmware
Draytek Vigor2960 Firmware
890
VMScore
CVE-2020-10826
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to 1.5.1 allows remote malicious users to achieve command injection via a remote HTTP request in DEBUG mode.
Draytek Vigor300b Firmware
Draytek Vigor3900 Firmware
Draytek Vigor2960 Firmware
668
VMScore
CVE-2020-10827
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to 1.5.1 allows remote malicious users to achieve code execution via a remote HTTP request.
Draytek Vigor300b Firmware
Draytek Vigor3900 Firmware
Draytek Vigor2960 Firmware
668
VMScore
CVE-2020-14472
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices prior to 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
Draytek Vigor300b Firmware
Draytek Vigor2960 Firmware
Draytek Vigor3900 Firmware
668
VMScore
CVE-2020-10823
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to 1.5.1 allows remote malicious users to achieve code execution via a remote HTTP request (issue 1 of 3).
Draytek Vigor300b Firmware
Draytek Vigor3900 Firmware
Draytek Vigor2960 Firmware
668
VMScore
CVE-2020-10825
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to 1.5.1 allows remote malicious users to achieve code execution via a remote HTTP request (issue 3 of 3).
Draytek Vigor300b Firmware
Draytek Vigor3900 Firmware
Draytek Vigor2960 Firmware
668
VMScore
CVE-2020-10828
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to 1.5.1 allows remote malicious users to achieve code execution via a remote HTTP request.
Draytek Vigor300b Firmware
Draytek Vigor3900 Firmware
Draytek Vigor2960 Firmware
668
VMScore
CVE-2020-14473
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware prior to 1.5.1.1.
Draytek Vigor300b Firmware
Draytek Vigor2960 Firmware
Draytek Vigor3900 Firmware
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »