📦 Vigor3910 Firmware
by Draytek
🔍 What is Vigor3910 Firmware?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
A critical stack-based buffer overflow vulnerability in DrayTek router TR069 STUN server URL parsing allows remote attackers to execute arbitrary code with elevated privileges. This affects multiple D...
CVE-2024-41593 is a critical heap-based buffer overflow vulnerability in DrayTek Vigor310 devices that allows remote attackers to execute arbitrary code. The vulnerability occurs due to sign-extension...
Draytek Vigor routers, access points, switches, and Myvigor firmware use hardcoded encryption keys, allowing attackers to bind affected devices to their own accounts. This enables unauthorized creatio...
A NULL pointer dereference vulnerability in multiple Draytek router models allows attackers to cause Denial of Service (DoS) via specially crafted DHCP requests. This affects organizations and individ...
This vulnerability allows attackers to upload malicious kernel modules through the CGI configuration upload endpoint in affected Draytek routers, leading to arbitrary code execution with root privileg...
This vulnerability in Draytek routers allows attackers to upload malicious APP Enforcement modules, leading to arbitrary code execution with root privileges. It affects multiple Draytek Vigor router m...
A stack-based buffer overflow vulnerability in DrayTek Vigor310 devices allows remote attackers to execute arbitrary code by sending a specially crafted long query string to the cgi-bin/ipfedr.cgi com...
This vulnerability allows authenticated users to exploit buffer overflows in DrayTek Vigor3910 devices by sending specially crafted POST requests to vulnerable CGI endpoints. Attackers could potential...
This vulnerability allows authenticated users to exploit buffer overflows in CGI endpoints on DrayTek Vigor310 devices by sending specially crafted POST requests. Attackers could potentially execute a...
DrayTek Vigor3910 devices have a stack-based buffer overflow vulnerability in the GetCGI function that processes query string parameters. Attackers can exploit this by sending specially crafted HTTP r...
DrayTek Vigor310 devices through firmware version 4.3.2.6 contain buffer overflow vulnerabilities in .cgi pages due to missing bounds checks. This allows remote attackers to change device settings or ...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the sIpv6AiccuUser parameter. This affects organizations usi...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted input to the sDnsPro parameter. This affects organizations ...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the trapcomm parameter in cgiswm.cgi. This affects organizat...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the saveitem parameter in lan2lan.cgi. This affects organiza...
CVE-2024-46597 is a buffer overflow vulnerability in Draytek Vigor 3910 routers affecting the sPubKey parameter in dialin.cgi. Attackers can exploit this by sending crafted inputs to cause Denial of S...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the newProname parameter in v2x00.cgi. This affects organiza...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted input to the pub_key parameter. This affects organizations ...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the sProfileName parameter in fextobj.cgi. This affects orga...
A buffer overflow vulnerability exists in the sAppName parameter of the sslapp.cgi component in Draytek Vigor 3910 firmware v4.3.2.6. Attackers can exploit this by sending crafted inputs to cause a De...
This vulnerability allows attackers to cause a Denial of Service (DoS) on Draytek Vigor 3910 routers by exploiting a buffer overflow in the sPeerId parameter of the vpn.cgi component. Attackers can cr...
A buffer overflow vulnerability in the Draytek Vigor 3910 router's v2x00.cgi component allows attackers to cause Denial of Service (DoS) by sending specially crafted input to the fid parameter. This a...
This vulnerability allows attackers to trigger a buffer overflow in Draytek Vigor 3910 routers by sending crafted input to the sSrvAddr parameter in v2x00.cgi. This causes a Denial of Service (DoS), p...
A buffer overflow vulnerability exists in the AControlIp1 parameter of the acontrol.cgi component in Draytek Vigor 3910 firmware version 4.3.2.6. Attackers can exploit this by sending specially crafte...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted input to the sCloudPass parameter. This affects organizatio...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the CGIbyFieldName parameter in chglog.cgi. This affects org...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the sStRtMskShow parameter. This affects organizations using...
A buffer overflow vulnerability exists in the profname parameter of the v2x00.cgi component in Draytek Vigor 3910 firmware version 4.3.2.6. Attackers can exploit this by sending specially crafted inpu...
A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the sInRCSecret0 parameter. This affects organizations using...
CVE-2024-23721 is a directory traversal vulnerability in Draytek Vigor3910 devices that allows attackers to access sensitive system files by manipulating POST requests. This affects organizations usin...
This vulnerability allows authenticated attackers to inject malicious scripts via the sFormAuthStr parameter, which are then executed in victims' browsers when they view the affected page. It affects ...