CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2024-41593
https://notcve.org/view.php?id=CVE-2024-41593
03 Oct 2024 — DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. • https://www.forescout.com/resources/draybreak-draytek-research •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-41594
https://notcve.org/view.php?id=CVE-2024-41594
03 Oct 2024 — An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. • https://www.forescout.com/resources/draybreak-draytek-research •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41595
https://notcve.org/view.php?id=CVE-2024-41595
03 Oct 2024 — DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations. • https://www.forescout.com/resources/draybreak-draytek-research • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41596
https://notcve.org/view.php?id=CVE-2024-41596
03 Oct 2024 — Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. • https://www.forescout.com/resources/draybreak-draytek-research • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46550
https://notcve.org/view.php?id=CVE-2024-46550
18 Sep 2024 — Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#bffdd8897d944a77834b865d9326a1d7 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46551
https://notcve.org/view.php?id=CVE-2024-46551
18 Sep 2024 — Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#aabdeced2a5e407ba3b3c0d318af0a29 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46552
https://notcve.org/view.php?id=CVE-2024-46552
18 Sep 2024 — Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#53ad238cc1af41f7a32b29260f7274ec •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46553
https://notcve.org/view.php?id=CVE-2024-46553
18 Sep 2024 — Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#1e21ab70186245aa8fb17578863216e2 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46554
https://notcve.org/view.php?id=CVE-2024-46554
18 Sep 2024 — Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#ee86534f23b84f2cbfa9401ee1d9d179 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46555
https://notcve.org/view.php?id=CVE-2024-46555
18 Sep 2024 — Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. • https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#e15d03bdd4b9441e8eb157fbd09969f4 •