Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
draytek vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
Draytek Vigor2960 Firmware
1 Github repository
6.5
CVSSv3
CVE-2023-1163
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation o...
Draytek Vigor 2960 Firmware 1.5.1.4
6.1
CVSSv3
CVE-2019-16533
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
Draytek Vigor2925 Firmware 3.8.4.3
8.8
CVSSv3
CVE-2017-11649
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote malicious users to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setS...
Draytek Vigorap 910c Firmware 1.2.0
6.1
CVSSv3
CVE-2017-11650
Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote malicious users to inject arbitrary web script or HTML via vectors involving home.asp.
Draytek Vigorap 910c Firmware 1.2.0
7.8
CVSSv3
CVE-2023-24229
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supporte...
Draytek Vigor2960 Firmware 1.5.1.4
9.8
CVSSv3
CVE-2023-47254
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote malicious users to execute arbitrary system commands and escalate privileges via any account created within the web interface.
Draytek Vigor167 Firmware 5.2.2
7.5
CVSSv3
CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root pri...
Draytek Vigorconnect 1.6.0
8.1
CVSSv3
CVE-2021-20127
An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.
Draytek Vigorconnect 1.6.0
5.4
CVSSv3
CVE-2021-20128
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.
Draytek Vigorconnect 1.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »