CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2024-41587
https://notcve.org/view.php?id=CVE-2024-41587
03 Oct 2024 — Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. • https://www.forescout.com/resources/draybreak-draytek-research •
CVSS: 6.4EPSS: 0%CPEs: 24EXPL: 0CVE-2024-41591
https://notcve.org/view.php?id=CVE-2024-41591
03 Oct 2024 — DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. • https://www.forescout.com/resources/draybreak-draytek-research •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-41593
https://notcve.org/view.php?id=CVE-2024-41593
03 Oct 2024 — DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. • https://www.forescout.com/resources/draybreak-draytek-research •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-41594
https://notcve.org/view.php?id=CVE-2024-41594
03 Oct 2024 — An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. • https://www.forescout.com/resources/draybreak-draytek-research •
CVSS: 10.0EPSS: 0%CPEs: 136EXPL: 3CVE-2022-32548
https://notcve.org/view.php?id=CVE-2022-32548
29 Aug 2022 — An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. Se ha detectado un problema en determinados routers DrayTek Vigor versiones anteriores a julio de 2022, como el Vigor3910 versiones anteriores a 4.3.1.1. El archivo /cgi-bin/wlogin.cgi presenta un desbordamiento de búfer por medio del nombre de usuario o contraseña al campo aa o ab • https://github.com/MosaedH/CVE-2022-32548-RCE-POC • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •