Vulnerabilites related to draytek - vigor3220_firmware
CVE-2024-51138 (GCVE-0-2024-51138)
Vulnerability from cvelistv5
Published
2025-02-27 00:00
Modified
2025-02-28 21:31
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.
References
http://draytek.com
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-51138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T16:59:55.612494Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-121",
                "description": "CWE-121 Stack-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T21:31:37.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:46:11.945Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://draytek.com"
        },
        {
          "url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-51138",
    "datePublished": "2025-02-27T00:00:00.000Z",
    "dateReserved": "2024-10-28T00:00:00.000Z",
    "dateUpdated": "2025-02-28T21:31:37.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51139 (GCVE-0-2024-51139)
Vulnerability from cvelistv5
Published
2025-02-27 00:00
Modified
2025-02-28 17:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.
References
http://draytek.com
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-51139",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T16:59:54.401854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T17:23:14.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser\u0027s handling of the \"Content-Length\" header of HTTP POST requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T20:47:37.278Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://draytek.com"
        },
        {
          "url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-51139",
    "datePublished": "2025-02-27T00:00:00.000Z",
    "dateReserved": "2024-10-28T00:00:00.000Z",
    "dateUpdated": "2025-02-28T17:23:14.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41594 (GCVE-0-2024-41594)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2025-03-19 15:38
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • n/a
Summary
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-19T15:22:51.555504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-326",
                "description": "CWE-326 Inadequate Encryption Strength",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-19T15:38:27.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:29:39.340Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41594",
    "datePublished": "2024-10-03T00:00:00.000Z",
    "dateReserved": "2024-07-18T00:00:00.000Z",
    "dateUpdated": "2025-03-19T15:38:27.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41587 (GCVE-0-2024-41587)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2025-03-18 15:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • n/a
Summary
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T20:24:15.931214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T15:15:51.880Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:25:02.832Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41587",
    "datePublished": "2024-10-03T00:00:00.000Z",
    "dateReserved": "2024-07-18T00:00:00.000Z",
    "dateUpdated": "2025-03-18T15:15:51.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41588 (GCVE-0-2024-41588)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-04 19:09
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vigor3910_firmware",
            "vendor": "draytek",
            "versions": [
              {
                "lessThanOrEqual": "4.3.2.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T19:08:19.714245Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T19:09:42.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:25:20.243350",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41588",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-04T19:09:42.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41590 (GCVE-0-2024-41590)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 20:38
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vigor3910_firmware",
            "vendor": "draytek",
            "versions": [
              {
                "lessThanOrEqual": "4.3.2.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T20:31:37.882815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-121",
                "description": "CWE-121 Stack-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T20:38:44.420Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:26:05.030610",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41590",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-03T20:38:44.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32548 (GCVE-0-2022-32548)
Vulnerability from cvelistv5
Published
2022-08-29 05:38
Modified
2024-08-03 07:46
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • n/a
Summary
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
References
https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routersx_refsource_MISC
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:46:43.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-29T05:38:35",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-32548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers",
              "refsource": "MISC",
              "url": "https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers"
            },
            {
              "name": "https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html",
              "refsource": "MISC",
              "url": "https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-32548",
    "datePublished": "2022-08-29T05:38:35",
    "dateReserved": "2022-06-08T00:00:00",
    "dateUpdated": "2024-08-03T07:46:43.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41591 (GCVE-0-2024-41591)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2025-03-14 15:36
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • n/a
Summary
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T19:14:46.529762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:36:23.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:26:22.678Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41591",
    "datePublished": "2024-10-03T00:00:00.000Z",
    "dateReserved": "2024-07-18T00:00:00.000Z",
    "dateUpdated": "2025-03-14T15:36:23.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41592 (GCVE-0-2024-41592)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 18:59
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vigor3910_firmware",
            "vendor": "draytek",
            "versions": [
              {
                "lessThanOrEqual": "4.3.2.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41592",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T18:56:58.532037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-121",
                "description": "CWE-121 Stack-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T18:59:51.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:26:39.546871",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41592",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-03T18:59:51.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41596 (GCVE-0-2024-41596)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2024-10-03 19:04
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vigor3910_firmware",
            "vendor": "draytek",
            "versions": [
              {
                "lessThanOrEqual": "4.3.2.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41596",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T18:56:36.553141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T19:04:38.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:30:24.782005",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41596",
    "datePublished": "2024-10-03T00:00:00",
    "dateReserved": "2024-07-18T00:00:00",
    "dateUpdated": "2024-10-03T19:04:38.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41593 (GCVE-0-2024-41593)
Vulnerability from cvelistv5
Published
2024-10-03 00:00
Modified
2025-03-13 18:11
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Summary
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
References
https://www.forescout.com/resources/draytek14-vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T18:07:09.851527Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T18:11:33.093Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T18:29:21.947Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
        },
        {
          "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-41593",
    "datePublished": "2024-10-03T00:00:00.000Z",
    "dateReserved": "2024-07-18T00:00:00.000Z",
    "dateUpdated": "2025-03-13T18:11:33.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-03-13 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow."
    },
    {
      "lang": "es",
      "value": "Los dispositivos DrayTek Vigor310 hasta 4.3.2.6 permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n ft_payload_dns(), porque se produce una operaci\u00f3n de extensi\u00f3n de signo de byte para el argumento de longitud de una llamada _memcpy, lo que lleva a un desbordamiento de b\u00fafer basado en el mont\u00f3n."
    }
  ],
  "id": "CVE-2024-41593",
  "lastModified": "2025-03-13T19:15:47.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.740",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-02-27 21:15
Modified
2025-05-28 16:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.
References
cve@mitre.orghttp://draytek.comProduct
cve@mitre.orghttps://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946Third Party Advisory
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2927_firmware *
draytek vigor2927 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5485DD5C-12A3-4289-8196-43FFB3DF8B06",
              "versionEndExcluding": "3.9.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EC4363-A351-4117-96CE-1F8B4748FCAC",
              "versionEndExcluding": "3.9.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "519DD534-4B4A-48A4-9C5D-FB197DC5C777",
              "versionEndExcluding": "3.9.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFCA64D1-9731-4990-AD61-F673D41716BE",
              "versionEndExcluding": "3.9.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2821747D-FDE2-47FA-B352-70F6FBE0473D",
              "versionEndExcluding": "3.9.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD3195E-BA40-40B3-AF13-64AFF4890EE4",
              "versionEndExcluding": "3.9.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53804E7-59F0-4328-A732-9A14EB076E87",
              "versionEndExcluding": "3.9.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C4DE6D-EE26-4445-8F57-0DCEC311A6A2",
              "versionEndExcluding": "3.9.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC78800A-438E-4B67-B3A5-F18D10F5D9B5",
              "versionEndExcluding": "3.9.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CBCFE34-3027-4DBB-9214-4CC891865F25",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "162BD269-E656-4A91-9E8C-A5E26A646B2D",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9695AA4E-EC4A-4F02-BFCD-5308CBE19510",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ECD7087-34D5-4841-97D1-B9F361327016",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D6CD9B-5252-4541-9745-3F4E4D0C5C82",
              "versionEndExcluding": "4.4.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40A5ACD-BC60-4C97-BF7D-6B609A1D99E6",
              "versionEndExcluding": "4.4.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74715D2C-FDF6-4882-A57A-327014FCC1CB",
              "versionEndExcluding": "4.4.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12460F51-25AB-4EA9-BC43-9CE8DA992D75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "093FCEE3-FEAA-4DA5-AD20-206D3822C63F",
              "versionEndExcluding": "4.3.2.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94AD7401-FE5B-4E5F-9469-DEDB101C6990",
              "versionEndExcluding": "4.4.3.2",
              "versionStartIncluding": "4.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "529BDB13-03F3-4EF4-A15C-4EF2467DF5AE",
              "versionEndExcluding": "4.3.2.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F18DFF3-93B4-462C-908E-99C243EFFA2F",
              "versionEndExcluding": "4.4.3.2",
              "versionStartIncluding": "4.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD4EA0F-391C-4A2E-B5CD-0D0689C36F20",
              "versionEndExcluding": "4.4.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A876E867-03E8-470E-A830-C0C5FBCCB257",
              "versionEndExcluding": "4.4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75C80CA-401A-4228-98F9-D27E529DC32D",
              "versionEndExcluding": "4.4.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39C5A58-E6F1-4BA5-B321-7EA78F8DC7A6",
              "versionEndExcluding": "3.9.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DA10A6-CA24-4D03-B4DC-CC9A33D7E22D",
              "versionEndExcluding": "3.9.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser\u0027s handling of the \"Content-Length\" header of HTTP POST requests."
    },
    {
      "lang": "es",
      "value": "Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser\u0027s handling of the \"Content-Length\" header of HTTP POST requests."
    }
  ],
  "id": "CVE-2024-51139",
  "lastModified": "2025-05-28T16:23:26.310",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-27T21:15:37.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://draytek.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-06-11 13:54
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function."
    },
    {
      "lang": "es",
      "value": "Los endpoints CGI v2x00.cgi y cgiwcg.cgi de los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 son vulnerables a desbordamientos de b\u00fafer, por parte de usuarios autenticados, debido a la falta de verificaci\u00f3n de los l\u00edmites en los par\u00e1metros pasados a trav\u00e9s de solicitudes POST a la funci\u00f3n strncpy."
    }
  ],
  "id": "CVE-2024-41588",
  "lastModified": "2025-06-11T13:54:06.133",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.363",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-03-19 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL."
    },
    {
      "lang": "es",
      "value": "Un problema en los dispositivos DrayTek Vigor310 hasta la versi\u00f3n 4.3.2.6 permite a un atacante obtener informaci\u00f3n confidencial porque el servidor httpd de la interfaz de administraci\u00f3n de Vigor utiliza una cadena est\u00e1tica para inicializar el PRNG de OpenSSL."
    }
  ],
  "id": "CVE-2024-41594",
  "lastModified": "2025-03-19T16:15:26.387",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.800",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-06-11 13:49
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6."
    },
    {
      "lang": "es",
      "value": "Varios endpoints de CGI son vulnerables a desbordamientos de b\u00fafer, por parte de usuarios autenticados, debido a la falta de verificaci\u00f3n de los l\u00edmites en los par\u00e1metros pasados a trav\u00e9s de solicitudes POST a la funci\u00f3n strcpy en dispositivos DrayTek Vigor310 hasta 4.3.2.6."
    }
  ],
  "id": "CVE-2024-41590",
  "lastModified": "2025-06-11T13:49:57.290",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.487",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-29 06:15
Modified
2024-11-21 07:06
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
References
cve@mitre.orghttps://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routersExploit, Third Party Advisory
cve@mitre.orghttps://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routersExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.htmlExploit, Third Party Advisory
Impacted products
Vendor Product Version
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor2962p_firmware *
draytek vigor2962p -
draytek vigor2927_firmware *
draytek vigor2927 -
draytek vigor2927ax_firmware *
draytek vigor2927ax -
draytek vigor2927ac_firmware *
draytek vigor2927ac -
draytek vigor2927vac_firmware *
draytek vigor2927vac -
draytek vigor2927l_firmware *
draytek vigor2927l -
draytek vigor2927lac_firmware *
draytek vigor2927lac -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2915ac_firmware *
draytek vigor2915ac -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor2952p_firmware *
draytek vigor2952p -
draytek vigor3220_firmware *
draytek vigor3220 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2926n_firmware *
draytek vigor2926n -
draytek vigor2926ac_firmware *
draytek vigor2926ac -
draytek vigor2926vac_firmware *
draytek vigor2926vac -
draytek vigor2926l_firmware *
draytek vigor2926l -
draytek vigor2926ln_firmware *
draytek vigor2926ln -
draytek vigor2926lac_firmware *
draytek vigor2926lac -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2862n_firmware *
draytek vigor2862n -
draytek vigor2862ac_firmware *
draytek vigor2862ac -
draytek vigor2862vac_firmware *
draytek vigor2862vac -
draytek vigor2862b_firmware *
draytek vigor2862b -
draytek vigor2862bn_firmware *
draytek vigor2862bn -
draytek vigor2862l_firmware *
draytek vigor2862l -
draytek vigor2862ln_firmware *
draytek vigor2862ln -
draytek vigor2862lac_firmware *
draytek vigor2862lac -
draytek vigor2620l_firmware *
draytek vigor2620l -
draytek vigor2620ln_firmware *
draytek vigor2620ln -
draytek vigorlte_200n_firmware *
draytek vigorlte_200n -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2133n_firmware *
draytek vigor2133n -
draytek vigor2133ac_firmware *
draytek vigor2133ac -
draytek vigor2133vac_firmware *
draytek vigor2133vac -
draytek vigor2133fvac_firmware *
draytek vigor2133fvac -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2762n_firmware *
draytek vigor2762n -
draytek vigor2762ac_firmware *
draytek vigor2762ac -
draytek vigor2762vac_firmware *
draytek vigor2762vac -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor2135ac_firmware *
draytek vigor2135ac -
draytek vigor2135vac_firmware *
draytek vigor2135vac -
draytek vigor2135fvac_firmware *
draytek vigor2135fvac -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2765ac_firmware *
draytek vigor2765ac -
draytek vigor2765vac_firmware *
draytek vigor2765vac -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2766ac_firmware *
draytek vigor2766ac -
draytek vigor2766vac_firmware *
draytek vigor2766vac -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2865ax_firmware *
draytek vigor2865ax -
draytek vigor2865ac_firmware *
draytek vigor2865ac -
draytek vigor2865vac_firmware *
draytek vigor2865vac -
draytek vigor2865l_firmware *
draytek vigor2865l -
draytek vigor2865lac_firmware *
draytek vigor2865lac -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2866ax_firmware *
draytek vigor2866ax -
draytek vigor2866ac_firmware *
draytek vigor2866ac -
draytek vigor2866vac_firmware *
draytek vigor2866vac -
draytek vigor2866l_firmware *
draytek vigor2866l -
draytek vigor2866lac_firmware *
draytek vigor2866lac -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937B768-C53B-490F-B6A8-6B0A2CC6C05A",
              "versionEndExcluding": "4.3.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E81F44-7E9B-406E-BB4F-A3B6E5B82316",
              "versionEndExcluding": "4.3.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C4AF21-4B66-4A84-95FB-268F8B644B39",
              "versionEndExcluding": "4.3.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17AD71DA-3550-4C1F-B2D6-BE8521E8A86C",
              "versionEndExcluding": "4.3.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F44E9E-D6E6-44CB-A724-143EE7D74691",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "411D132F-5340-4EFF-AC02-CF4AAB9320F4",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12460F51-25AB-4EA9-BC43-9CE8DA992D75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927ax_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "070AFC36-DFCF-4511-9B72-BCC5E37F5A21",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C188F12-157F-4B8C-9A66-678B933E20F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63F379DA-0262-438F-9689-1D7824257A3A",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B846175B-4DC0-4268-AAF2-F266BFD7646E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E695FA8-7DC9-483B-89BC-9A55AA69C500",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD217200-9848-425F-B113-E624C027BC9C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE83225-B91F-4A39-B3C9-35551B85A61C",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9D70E8-080B-4F0E-BA3A-ACFE8F61475B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927lac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AB34C6-A18C-425F-BC75-E4729FDBA462",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927lac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB5ABFF7-F5DA-485F-976B-5C858B85E994",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD74FED6-4AC0-4BB8-A32D-D849350968B0",
              "versionEndExcluding": "4.3.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE8DBA39-B28F-4901-860E-DE550A8FADA9",
              "versionEndExcluding": "4.3.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4318B8A-B94C-4207-9731-76D35DE85034",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3BC6B8-6B4C-4794-9394-479DF40C7F5A",
              "versionEndExcluding": "3.9.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF2DE13B-8494-4E98-B18A-2EA35D9A7650",
              "versionEndExcluding": "3.9.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F421E8-00BE-4451-A948-0D9862E442E3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0996CFA6-AA5C-4EFD-BD9E-1B0F23F03804",
              "versionEndExcluding": "3.9.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E680BF-6C82-4691-92DA-D4F50E4120BB",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C1DB0D-3F7F-4EF5-9F23-10AC94B4A439",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04C85F3-C187-4F82-87A9-ECAF197ABA30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "957D95D2-3569-4CA0-9C05-279F32B66F44",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65625316-A171-4C06-BFD0-C15A5ACF58A4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DF224C-6CE9-43FF-A882-0C3989018D00",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "059842A3-553B-43A0-A714-15C55DA85752",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE43891-7DB2-4C48-97B7-9F1F3051EA7D",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "775E8858-B078-427D-BCB5-6D2B91D17A9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926ln_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1498B13D-10BA-49D2-8229-ADFCA5F44B20",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926ln:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E30F255-ECE9-4E6F-9A22-2826E548C18B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926lac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB36D6A-658F-4A67-BC7F-045C44A3A322",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926lac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4953A99-AD72-4204-BAA9-D87164349E01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "943EEFDB-8958-41BA-84E7-BB28A218B245",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63AB9A5-C5AE-410E-AFA3-D32F69887D9E",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF8ECCA-405E-4D60-92ED-7F29F36A985F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4982251-F1DE-46CF-8995-F9B0CAD4D758",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB77A5C7-026C-4172-970A-28E0D1A6F2D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0622A4B6-8839-4972-AC2A-1634F4241B9A",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB96DDC-9961-47D4-81DF-4117A1B9C8F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "932AA150-DCEE-4313-92E3-B9AECBD6707B",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7469CB-2CDE-4D2D-988A-13A482A59B28",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862bn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A808791A-0863-44F6-8A13-8EFF8EB8C727",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862bn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F97B4A-B323-4354-9CAC-60BCB02A44DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "137281B3-B1F6-4EC4-BB8B-8652533E2337",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B57263-4900-4F2E-AA5C-554B5163F489",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862ln_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF2D8790-A2EE-4AE1-A2DC-CC54108DD263",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862ln:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D1ADB5D-D2CF-464B-9F1C-45F31A032953",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862lac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5972D23-8225-48C1-B9A5-F63531B548E1",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862lac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A89BEEB-3F13-4C41-9133-788232DD229B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C4B52-81DF-40F2-8760-A25915126158",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DD1E5ED-6A96-4C4A-87D4-692988479D01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620ln_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDA1B3E-4B46-451B-9462-6BBFF5A16F28",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620ln:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B71980-6D7A-4B7B-9863-E85CC849ED90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte_200n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B65954-02D6-4B76-88F2-5787B1A55729",
              "versionEndExcluding": "3.9.8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte_200n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DC816E-1840-46F0-97C4-2BA00F5B9E64",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7646BDD0-992E-43D6-A5A9-AB5EA5E89FD3",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C8D979-63A8-419F-86CB-CFDBE8C19B2D",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F57E3F-8FFB-4A48-8BFD-5245D1EF2B80",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D383A7-C3A8-41E8-8731-04EF97F0CCE1",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "196CE92C-805E-4B6A-8EA8-7A49515FB617",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "297393CA-8855-46DD-A229-D46BA338A57C",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B81C46C-C837-4C10-AE7F-9E98A1A9E15C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133fvac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56923C0D-7FBF-4110-8220-07D2FFEA30A6",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133fvac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1999AE2-3E6E-4D18-8FF1-D2A853B5975F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F5E418-BA97-4F40-B3E6-AE256FE0EFDD",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C44183E5-3030-45F1-BE3E-EAA47312E6AB",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B532B5-386F-4C4C-8554-C73409124306",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E41A4B2-4C20-433F-9285-95909A0AEE3B",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA5BFB-5D2F-44B2-B995-0675243264CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A1CBE5-09BF-47A6-A6CA-5FF5CEF6670F",
              "versionEndExcluding": "3.9.6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F97B07D-BC53-42A4-BBA3-D9CF5D474C9E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71348479-95FE-4E66-A068-74DA89C82F6F",
              "versionEndExcluding": "4.2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFE35F98-0304-415F-B8AF-93C17F8DA6CB",
              "versionEndExcluding": "4.2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0394013-3F27-4ACA-81C1-17399631DF84",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1355BCF1-FB23-45B9-9201-EA25B2F33920",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77D227B7-1121-4657-A621-AF0C0E766D90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBDB62F3-082E-4763-BAA0-69B78DA16B5C",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAC1C9BE-31B5-47DD-BE09-0984EE29A957",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135fvac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3327574-E0DB-4CB4-8BDD-C03F09D0974A",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135fvac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "625DE418-F506-4579-9C25-04DCD0FBC7ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D431985C-61B3-4124-A363-3124D1AAF5CC",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB6111E-2063-4CCF-8E50-4E851264FB16",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1B9AF22-089B-41FB-8E30-BED3E4CE32ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F63944F3-F3D4-4240-819F-15694FB71C1D",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A582D29-85D9-4FC3-B88A-42B947B9D18C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C34C4A04-A6D0-48F9-BDB0-26847CC0EBAE",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA939906-239F-40DC-B452-8FF64C9907C7",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "787134FE-0549-427D-A9CE-32B1C58BC954",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E78CBAA-2D96-43C8-84A1-AF6CB42C8131",
              "versionEndExcluding": "4.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "228DC583-B6BC-4948-A167-53C49B6D04B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0928E933-244C-44E7-A7B3-C6009DD12EC2",
              "versionEndExcluding": "3.9.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F02BBA-DADE-48C9-8802-6C170714A3DF",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865ax_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E1D55A-45D7-4427-8BF4-197853948E37",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "699735FA-D33E-4F32-9584-B15938FB954E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF8F3B5B-F074-4AB1-8F2C-D4680A843781",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2D62A63-1E53-469C-B06C-DB6D05C7BE2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B4931B-4B4E-4F30-9A53-657746F3AEEF",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C40B478-C28F-430A-A690-5EF9FFB4812E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA4AF52-76AE-4356-94DD-2033D888ED32",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4F462E8-6427-4E42-902B-07E8A9366423",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865lac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14488AE9-7FDB-466C-A7BF-3DF43F4A9FE6",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865lac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B87FA44-4931-4DC4-89BE-72A591C7C355",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E1101F-BFCE-479F-9E3C-932D56E42C9A",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866ax_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD98A315-7484-442B-A411-CDFCDDDCC625",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F84DE3D-5FFD-4D6F-877A-A656287BDD7B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E30E7C6-C4F5-46C4-87F7-E64AD8CA1DAB",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E82803D-B1DE-4541-913C-9128B313AC0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866vac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C16598-52C3-4302-B2EF-4714007904D5",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866vac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5295B4DF-DE6C-4725-A22B-1186D5AB1325",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F93460D-E72A-4F55-8471-476BD86B83BD",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "315CA850-DA5C-46E8-90A1-457320A52AA3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866lac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FC4B2-E7AE-4F4F-B6F5-7E71C9EDFFF6",
              "versionEndExcluding": "4.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866lac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4504923B-C903-432D-B4D2-287BD0145F3B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en determinados routers DrayTek Vigor versiones anteriores a julio de 2022, como el Vigor3910 versiones anteriores a 4.3.1.1. El archivo /cgi-bin/wlogin.cgi presenta un desbordamiento de b\u00fafer por medio del nombre de usuario o contrase\u00f1a al campo aa o ab"
    }
  ],
  "id": "CVE-2022-32548",
  "lastModified": "2024-11-21T07:06:36.290",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-29T06:15:09.423",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.securityweek.com/smbs-exposed-attacks-critical-vulnerability-draytek-vigor-routers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-02-27 21:15
Modified
2025-05-28 16:41
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.
References
cve@mitre.orghttp://draytek.comProduct
cve@mitre.orghttps://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946Third Party Advisory
Impacted products
Vendor Product Version
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2927_firmware *
draytek vigor2927 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD4EA0F-391C-4A2E-B5CD-0D0689C36F20",
              "versionEndExcluding": "4.4.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5485DD5C-12A3-4289-8196-43FFB3DF8B06",
              "versionEndExcluding": "3.9.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EC4363-A351-4117-96CE-1F8B4748FCAC",
              "versionEndExcluding": "3.9.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "519DD534-4B4A-48A4-9C5D-FB197DC5C777",
              "versionEndExcluding": "3.9.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFCA64D1-9731-4990-AD61-F673D41716BE",
              "versionEndExcluding": "3.9.8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2821747D-FDE2-47FA-B352-70F6FBE0473D",
              "versionEndExcluding": "3.9.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD3195E-BA40-40B3-AF13-64AFF4890EE4",
              "versionEndExcluding": "3.9.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53804E7-59F0-4328-A732-9A14EB076E87",
              "versionEndExcluding": "3.9.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C4DE6D-EE26-4445-8F57-0DCEC311A6A2",
              "versionEndExcluding": "3.9.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC78800A-438E-4B67-B3A5-F18D10F5D9B5",
              "versionEndExcluding": "3.9.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CBCFE34-3027-4DBB-9214-4CC891865F25",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "162BD269-E656-4A91-9E8C-A5E26A646B2D",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9695AA4E-EC4A-4F02-BFCD-5308CBE19510",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ECD7087-34D5-4841-97D1-B9F361327016",
              "versionEndExcluding": "4.4.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D6CD9B-5252-4541-9745-3F4E4D0C5C82",
              "versionEndExcluding": "4.4.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40A5ACD-BC60-4C97-BF7D-6B609A1D99E6",
              "versionEndExcluding": "4.4.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74715D2C-FDF6-4882-A57A-327014FCC1CB",
              "versionEndExcluding": "4.4.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12460F51-25AB-4EA9-BC43-9CE8DA992D75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "093FCEE3-FEAA-4DA5-AD20-206D3822C63F",
              "versionEndExcluding": "4.3.2.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94AD7401-FE5B-4E5F-9469-DEDB101C6990",
              "versionEndExcluding": "4.4.3.2",
              "versionStartIncluding": "4.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "529BDB13-03F3-4EF4-A15C-4EF2467DF5AE",
              "versionEndExcluding": "4.3.2.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F18DFF3-93B4-462C-908E-99C243EFFA2F",
              "versionEndExcluding": "4.4.3.2",
              "versionStartIncluding": "4.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A876E867-03E8-470E-A830-C0C5FBCCB257",
              "versionEndExcluding": "4.4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75C80CA-401A-4228-98F9-D27E529DC32D",
              "versionEndExcluding": "4.4.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39C5A58-E6F1-4BA5-B321-7EA78F8DC7A6",
              "versionEndExcluding": "3.9.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DA10A6-CA24-4D03-B4DC-CC9A33D7E22D",
              "versionEndExcluding": "3.9.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la funcionalidad de an\u00e1lisis de URL del servidor STUN TR069. Vigor165/166 4.2.7 y anteriores; Vigor2620/LTE200 3.9.8.9 y anteriores; Vigor2860/2925 3.9.8 y anteriores; Vigor2862/2926 3.9.9.5 y anteriores; Vigor2133/2762/2832 3.9.9 y anteriores; Vigor2135/2765/2766 4.4.5. y anteriores; Vigor2865/2866/2927 4.4.5.3 y anteriores; Vigor2962 4.3.2.8 y anteriores; Vigor3912 4.3.6.1 y anteriores; Vigor3910 4.4.3.1 y anteriores se ha identificado una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la funcionalidad de an\u00e1lisis de URL del servidor STUN TR069. Esta falla se produce debido a una verificaci\u00f3n insuficiente de los l\u00edmites de la cantidad de par\u00e1metros de URL, lo que permite a un atacante aprovechar el desbordamiento mediante el env\u00edo de una solicitud manipulada con fines malintencionados. En consecuencia, un atacante remoto puede ejecutar c\u00f3digo arbitrario con privilegios elevados."
    }
  ],
  "id": "CVE-2024-51138",
  "lastModified": "2025-05-28T16:41:26.460",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-27T21:15:37.023",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://draytek.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-03-14 16:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS."
    },
    {
      "lang": "es",
      "value": "Los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 permiten XSS reflejado basado en DOM no autenticado."
    }
  ],
  "id": "CVE-2024-41591",
  "lastModified": "2025-03-14T16:15:34.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.560",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-06-03 13:52
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Third Party Advisory, Exploit, Mitigation
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4137F610-B3BE-4B74-8409-B91E61C4EEEE",
              "versionEndExcluding": "3.9.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C7DD492-4294-484D-A4D2-BCCCA152D57F",
              "versionEndExcluding": "3.9.8.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7845410-6E90-4E92-8029-964A7F77EC57",
              "versionEndExcluding": "3.9.8.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0813DB7-4B52-40E1-9D5C-DBF9FA74EFD0",
              "versionEndExcluding": "3.9.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B69D1EC-7C33-4367-80BA-4008E8C9A4BE",
              "versionEndExcluding": "3.9.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D46E5FF5-6521-4A10-8CC5-34518A38ECFA",
              "versionEndExcluding": "3.9.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02588C38-E98C-4553-93C0-535A0C129783",
              "versionEndExcluding": "3.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "765C62A0-BE3E-4661-8FD6-E9566B7C3C28",
              "versionEndExcluding": "3.9.9.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C713BB-02A0-4CD4-A27F-943D5D538444",
              "versionEndExcluding": "3.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE9F0A-223F-42DC-BCB6-4A7A24A65130",
              "versionEndExcluding": "3.9.9.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F1ADAFE-5F59-4617-A20D-68675AE4AA61",
              "versionEndExcluding": "3.9.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs."
    },
    {
      "lang": "es",
      "value": "Los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 tienen un desbordamiento basado en pila al procesar par\u00e1metros de cadena de consulta porque GetCGI maneja incorrectamente los caracteres ampersand extra\u00f1os y los pares clave-valor largos."
    }
  ],
  "id": "CVE-2024-41592",
  "lastModified": "2025-06-03T13:52:04.560",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.633",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "Exploit",
        "Mitigation"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-06-11 13:40
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters."
    },
    {
      "lang": "es",
      "value": "Existen vulnerabilidades de desbordamiento de b\u00fafer en los dispositivos DrayTek Vigor310 hasta la versi\u00f3n 4.3.2.6 (en la interfaz de administraci\u00f3n de Vigor) debido a la recuperaci\u00f3n y el manejo incorrectos de los par\u00e1metros del formulario CGI."
    }
  ],
  "id": "CVE-2024-41596",
  "lastModified": "2025-06-11T13:40:06.773",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.923",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-03-18 16:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
References
cve@mitre.orghttps://www.forescout.com/resources/draybreak-draytek-research/Mitigation, Technical Description, Third Party Advisory
cve@mitre.orghttps://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
Impacted products
Vendor Product Version
draytek vigor3910_firmware *
draytek vigor3910_firmware *
draytek vigor3910 -
draytek vigor3912_firmware *
draytek vigor3912 -
draytek vigor2962_firmware *
draytek vigor2962_firmware *
draytek vigor2962 -
draytek vigor165_firmware *
draytek vigor165 -
draytek vigor1000b_firmware *
draytek vigor1000b_firmware *
draytek vigor1000b -
draytek vigor166_firmware *
draytek vigor166 -
draytek vigor2135_firmware *
draytek vigor2135 -
draytek vigor2763_firmware *
draytek vigor2763 -
draytek vigor2765_firmware *
draytek vigor2765 -
draytek vigor2865_firmware *
draytek vigor2865 -
draytek vigor2766_firmware *
draytek vigor2766 -
draytek vigor2866_firmware *
draytek vigor2866 -
draytek vigor2915_firmware *
draytek vigor2915 -
draytek vigor2620_firmware *
draytek vigor2620 -
draytek vigorlte200_firmware *
draytek vigorlte200 -
draytek vigor2133_firmware *
draytek vigor2133 -
draytek vigor2762_firmware *
draytek vigor2762 -
draytek vigor2832_firmware *
draytek vigor2832 -
draytek vigor2860_firmware *
draytek vigor2860 -
draytek vigor2862_firmware *
draytek vigor2862 -
draytek vigor2925_firmware *
draytek vigor2925 -
draytek vigor2926_firmware *
draytek vigor2926 -
draytek vigor2952_firmware *
draytek vigor2952 -
draytek vigor3220_firmware *
draytek vigor3220 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
              "versionEndExcluding": "4.3.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
              "versionEndExcluding": "4.3.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
              "versionEndExcluding": "4.4.3.1",
              "versionStartIncluding": "4.4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
              "versionEndExcluding": "4.4.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289E3E0B-6BA4-44B8-968A-AC374B15B631",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1BD8E59-6C67-4C80-B25F-2C5814A8CF0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43265128-7E8E-4FE2-8488-AC5734A4AF70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F71B18-89B5-42C7-B4B7-448844D6AFBC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96F64C0-09DD-4553-AC5F-D722B8321B0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C4077B-C73F-4431-9103-C09960E203E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D081E5D-7A68-47A0-9EFE-1FC01DA2FF23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C470B04-BD57-429B-80FC-328A7D2E35E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A688631-4B36-43CC-AEF8-D390081F01DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E207BB52-29F8-4F2F-AA06-855B38E22958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD8437FD-65E2-4203-82B9-8FC32444204A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6."
    },
    {
      "lang": "es",
      "value": "El XSS almacenado, por parte de usuarios autenticados, es causado por una mala desinfecci\u00f3n del mensaje de saludo de la p\u00e1gina de inicio de sesi\u00f3n en los dispositivos DrayTek Vigor310 hasta 4.3.2.6."
    }
  ],
  "id": "CVE-2024-41587",
  "lastModified": "2025-03-18T16:15:22.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-03T19:15:04.310",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.forescout.com/resources/draybreak-draytek-research/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}