A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to 1.5.1 allows remote malicious users to achieve code execution via a remote HTTP request (issue 3 of 3).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
draytek vigor300b_firmware |
||
draytek vigor3900_firmware |
||
draytek vigor2960_firmware |