Latest CVE Feed
- 8.0 HIGH CVE-2024-41596
  Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Jun. 11, 2025
- 8.0 HIGH CVE-2024-41595
  DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
  - Published: Oct. 03, 2024
  - Modified: Apr. 10, 2025
- 7.5 HIGH CVE-2024-41594
  An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL.
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Mar. 19, 2025
- 9.8 CRITICAL CVE-2024-41593
  DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow...
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Mar. 13, 2025
- 8.0 HIGH CVE-2024-41592
  DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Jun. 03, 2025
- 6.1 MEDIUM CVE-2024-41591
  DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Mar. 14, 2025
- 8.0 HIGH CVE-2024-41590
  Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Jun. 11, 2025
- 8.8 HIGH CVE-2024-41589
  DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests.
  - Published: Oct. 03, 2024
  - Modified: Apr. 10, 2025
- 8.0 HIGH CVE-2024-41588
  The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Jun. 11, 2025
- 5.4 MEDIUM CVE-2024-41587
  Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
  Affected Products: vigor2860_firmware vigor2832_firmware vigor2766_firmware vigor2765_firmware vigor2763_firmware vigor2762_firmware vigor2135_firmware vigor2133_firmware vigor166_firmware vigor165_firmware +38 more products
  - Published: Oct. 03, 2024
  - Modified: Mar. 18, 2025
- 8.0 HIGH CVE-2024-41586
  A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
  - Published: Oct. 03, 2024
  - Modified: Apr. 10, 2025
- 6.8 MEDIUM CVE-2024-41585
  DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.
  - Published: Oct. 03, 2024
  - Modified: Apr. 10, 2025
- 4.7 MEDIUM CVE-2024-41584
  DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter.
  - Published: Oct. 03, 2024
  - Modified: Apr. 10, 2025
- 4.7 MEDIUM CVE-2024-41583
  DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name.
  - Published: Oct. 03, 2024
  - Modified: Apr. 10, 2025
- 5.8 MEDIUM CVE-2024-47762
  Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in the configuration schema.
  - Published: Oct. 03, 2024
  - Modified: Oct. 04, 2024
- 9.3 CRITICAL CVE-2024-41988
  TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module...
  - Published: Oct. 03, 2024
  - Modified: Oct. 04, 2024
- 8.6 HIGH CVE-2024-41987
  The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative pr...
  - Published: Oct. 03, 2024
  - Modified: Oct. 04, 2024
- 5.9 MEDIUM CVE-2024-34535
  In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.
  Affected Products: mastodon
  - Published: Oct. 03, 2024
  - Modified: May. 06, 2025
- 8.2 HIGH CVE-2023-37822
  The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the ser...
  - Published: Oct. 03, 2024
  - Modified: Nov. 25, 2024
- 5.3 MEDIUM CVE-2024-8508
  NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a co...
  - Published: Oct. 03, 2024
  - Modified: Dec. 17, 2024