Draytek Vigor2766 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Draytek Vigor2766 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2022-32548 — CVSS 10.0 (critical): An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a…
CVE-2024-51139 — CVSS 9.8 (critical): Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and…
CVE-2024-41593 — CVSS 9.8 (critical): DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a…
CVE-2024-51138 — CVSS 9.8 (critical): Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier…
CVE-2024-41334 — CVSS 8.8 (high): Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior…
CVE-2024-41339 — CVSS 8.8 (high): An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to…
CVE-2024-41340 — CVSS 8.4 (high): An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor…
CVE-2024-41592 — CVSS 8.0 (high): DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles…
CVE-2024-41588 — CVSS 8.0 (high): The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by…
CVE-2024-41590 — CVSS 8.0 (high): Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed…
CVE-2024-41596 — CVSS 8.0 (high): Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper…
CVE-2024-41594 — CVSS 7.5 (high): An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the…
CVE-2024-41338 — CVSS 7.5 (high): A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to…
CVE-2023-23313 — CVSS 6.1 (medium): Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's…
CVE-2024-41587 — CVSS 5.4 (medium): Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through…