Search criteria
7 vulnerabilities found for vigor2927 by draytek
VAR-202303-0563
Vulnerability from variot - Updated: 2025-10-09 23:02Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. vigor2860 firmware, vigor2860n firmware, vigor2860n-plus firmware etc. DrayTek Corporation A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-0563",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor2927lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.3"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4.1"
},
{
"model": "vigor2860l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2926ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2763",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.2"
},
{
"model": "vigor2926",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2862",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2133n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2865lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2860ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2135vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2762",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2860vn-plus",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2135ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor3220",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.7.4"
},
{
"model": "vigor2832",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.3"
},
{
"model": "vigor2925ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2765ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.2"
},
{
"model": "vigor2766ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2862ln",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2925n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2926ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2915ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2763ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.2"
},
{
"model": "vigor2865vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2862bn",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2925l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2133ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2766vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2915",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2133fvac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2860n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2762vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2866lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2865l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2865ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2925vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2925vn-plus",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2862b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2926n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2135ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.2"
},
{
"model": "vigor2926l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2762n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2926vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2866ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor130",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.8.5.1"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2925fn",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2135fvac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2133vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2860ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2765va",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2860n-plus",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2766ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.4.1"
},
{
"model": "vigor2865ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.2"
},
{
"model": "vigor2952",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.7.4"
},
{
"model": "vigor2866vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2927vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.3"
},
{
"model": "vigor2866l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2925",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2926lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigor2952p",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.7.4"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2762ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2765ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.1"
},
{
"model": "vigornic 132",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.8.5.1"
},
{
"model": "vigor2862ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2866ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.1.1"
},
{
"model": "vigor2927ax",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.3"
},
{
"model": "vigor2860",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2860vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2927ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.3"
},
{
"model": "vigor2862n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2925ac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2862lac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2133",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.5"
},
{
"model": "vigor2927l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.3"
},
{
"model": "vigor2962p",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.2"
},
{
"model": "vigor2862vac",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2862l",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2927",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.3"
},
{
"model": "vigor2927f",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.2.3"
},
{
"model": "vigor2832n",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.6.3"
},
{
"model": "vigor2925n-plus",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.4"
},
{
"model": "vigor2832n",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766vac",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2832",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765ax",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765va",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860vac",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766ac",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860n-plus",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860ac",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766ax",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860vn-plus",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2763",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860n",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860l",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860ln",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2763ac",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765ac",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"cve": "CVE-2023-23313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-23313",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-23313",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-23313",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-23313",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-23313",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202303-232",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-232"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"db": "NVD",
"id": "CVE-2023-23313"
},
{
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router\u0027s web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. vigor2860 firmware, vigor2860n firmware, vigor2860n-plus firmware etc. DrayTek Corporation A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-23313"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"db": "VULMON",
"id": "CVE-2023-23313"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-23313",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004845",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202303-232",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-23313",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-23313"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-232"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"id": "VAR-202303-0563",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-10-09T23:02:19.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DrayTek Vigor routers Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228531"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-232"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.horizonconsulting.com/advisories23-multiple-xss-stored-in-draytek-routers-cve-2023-23313"
},
{
"trust": 1.5,
"url": "https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-(cve-2023-23313)/"
},
{
"trust": 1.0,
"url": "https://www.draytek.com/about/security-advisory/cross-site-scripting-vulnerability-%28cve-2023-23313%29/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23313"
},
{
"trust": 0.7,
"url": "https://www.horizonsecurity.it/lang_en/advisories/?a=22\u0026title=multiple+xss+stored+in+draytek+routers+web+interface++cve202323313"
},
{
"trust": 0.6,
"url": "http://vigor3910vigor1000bvigor2962.com"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-23313/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-23313"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-232"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-23313"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-232"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-03T00:00:00",
"db": "VULMON",
"id": "CVE-2023-23313"
},
{
"date": "2023-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-232"
},
{
"date": "2023-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"date": "2023-03-03T22:15:09.690000",
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-06T00:00:00",
"db": "VULMON",
"id": "CVE-2023-23313"
},
{
"date": "2023-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-232"
},
{
"date": "2023-11-02T04:46:00",
"db": "JVNDB",
"id": "JVNDB-2023-004845"
},
{
"date": "2025-10-07T19:00:07.737000",
"db": "NVD",
"id": "CVE-2023-23313"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-232"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-232"
}
],
"trust": 0.6
}
}
VAR-202502-2174
Vulnerability from variot - Updated: 2025-06-06 23:33Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. vigor3912 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-2174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigor2862",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.8"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor2620",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2832",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.2"
},
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigor2763",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor3910",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.9"
},
{
"model": "vigor2915",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor2927",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.8"
},
{
"model": "vigor2962",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3"
},
{
"model": "vigor3220",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.5"
},
{
"model": "vigor2860",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.9"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.8"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigor2952",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.5"
},
{
"model": "vigorlte200",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2925",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.3"
},
{
"model": "vigor2133",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.2"
},
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.8"
},
{
"model": "vigor2926",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.8"
},
{
"model": "vigor2762",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.2"
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2926",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2862",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2832",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2927",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2763",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3912",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2925",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"cve": "CVE-2024-51138",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-51138",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-024494",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-51138",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024494",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. vigor3912 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-51138"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-51138",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024494",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"id": "VAR-202502-2174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-06-06T23:33:03.729000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://draytek.com"
},
{
"trust": 1.8,
"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-51138"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"date": "2025-02-27T21:15:37.023000",
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-02T08:34:00",
"db": "JVNDB",
"id": "JVNDB-2024-024494"
},
{
"date": "2025-05-28T16:41:26.460000",
"db": "NVD",
"id": "CVE-2024-51138"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Stack-based buffer overflow vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024494"
}
],
"trust": 0.8
}
}
VAR-202502-3730
Vulnerability from variot - Updated: 2025-06-05 23:11A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request. vigor165 firmware, vigor166 firmware, vigor2620 firmware etc. DrayTek Corporation The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-3730",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.5.2"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2620",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.8"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.6"
},
{
"model": "vigor2927",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.7"
},
{
"model": "vigor2860",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.7"
},
{
"model": "vigor2925",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.7"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.6"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2762",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigorlte200",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.8"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2832",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2926",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.4"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.7"
},
{
"model": "vigor2133",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2862",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.4"
},
{
"model": "vigor2832",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor166",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor165",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2926",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3912",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2925",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2862",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2927",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"cve": "CVE-2024-41338",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-41338",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-024567",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-41338",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024567",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request. vigor165 firmware, vigor166 firmware, vigor2620 firmware etc. DrayTek Corporation The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41338"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41338",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024567",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"id": "VAR-202502-3730",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-06-05T23:11:17.299000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://draytek.com"
},
{
"trust": 1.8,
"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41338"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"date": "2025-02-27T21:15:36.753000",
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T01:26:00",
"db": "JVNDB",
"id": "JVNDB-2024-024567"
},
{
"date": "2025-06-03T14:06:40.670000",
"db": "NVD",
"id": "CVE-2024-41338"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024567"
}
],
"trust": 0.8
}
}
VAR-202502-3343
Vulnerability from variot - Updated: 2025-06-05 23:09An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload a crafted kernel module, allowing for arbitrary code execution. vigor165 firmware, vigor166 firmware, vigor2620 firmware etc. DrayTek Corporation The product contains an unrestricted file upload vulnerability of a dangerous type.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-3343",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2860",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2762",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2926",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.5"
},
{
"model": "vigor2832",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9"
},
{
"model": "vigor2927",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2862",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.5"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2133",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9"
},
{
"model": "vigor2620",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.9"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor3910",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3"
},
{
"model": "vigorlte200",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.9"
},
{
"model": "vigor2925",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2962",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.0"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.6.1"
},
{
"model": "vigor2832",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor166",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor165",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2926",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2925",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2862",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2927",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"cve": "CVE-2024-41339",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-41339",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-024541",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-41339",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024541",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload a crafted kernel module, allowing for arbitrary code execution. vigor165 firmware, vigor166 firmware, vigor2620 firmware etc. DrayTek Corporation The product contains an unrestricted file upload vulnerability of a dangerous type.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41339"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41339",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024541",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"id": "VAR-202502-3343",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-06-05T23:09:34.182000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.0
},
{
"problemtype": "Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://draytek.com"
},
{
"trust": 1.8,
"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41339"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"date": "2025-02-27T21:15:36.837000",
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T00:48:00",
"db": "JVNDB",
"id": "JVNDB-2024-024541"
},
{
"date": "2025-06-03T13:52:39.957000",
"db": "NVD",
"id": "CVE-2024-41339"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Unrestricted Upload of Dangerous File Types Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024541"
}
],
"trust": 0.8
}
}
VAR-202502-2792
Vulnerability from variot - Updated: 2025-06-05 23:05Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. vigor166 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-2792",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.5.2"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2620",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.8"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.6"
},
{
"model": "vigor2927",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.7"
},
{
"model": "vigor2860",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.7"
},
{
"model": "vigor2925",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.7"
},
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.6"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2762",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigorlte200",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.8"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2832",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2926",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.4"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.7"
},
{
"model": "vigor2133",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2862",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.4"
},
{
"model": "vigor2832",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor166",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor165",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2926",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3912",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2925",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2862",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2927",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"cve": "CVE-2024-41334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-41334",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-024560",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-41334",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024560",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. vigor166 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41334"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41334",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024560",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"id": "VAR-202502-2792",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-06-05T23:05:04.523000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "Illegal certificate verification (CWE-295) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://draytek.com"
},
{
"trust": 1.8,
"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41334"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"date": "2025-02-27T21:15:36.483000",
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T01:14:00",
"db": "JVNDB",
"id": "JVNDB-2024-024560"
},
{
"date": "2025-06-03T14:06:43.900000",
"db": "NVD",
"id": "CVE-2024-41334"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Vulnerability related to certificate validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024560"
}
],
"trust": 0.8
}
}
VAR-202502-2583
Vulnerability from variot - Updated: 2025-06-05 23:01An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload crafted APP Enforcement modules, leading to arbitrary code execution. vigor165 firmware, vigor166 firmware, vigor2620 firmware etc. DrayTek Corporation The product contains an unrestricted file upload vulnerability of a dangerous type.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-2583",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor166",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2860",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2762",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2926",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.5"
},
{
"model": "vigor2832",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9"
},
{
"model": "vigor2927",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor2862",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.5"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor2133",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9"
},
{
"model": "vigor2620",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.9"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.3"
},
{
"model": "vigor3910",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3"
},
{
"model": "vigorlte200",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.9"
},
{
"model": "vigor2925",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.1"
},
{
"model": "vigor165",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.2.7"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.8"
},
{
"model": "vigor2962",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.0"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.6.1"
},
{
"model": "vigor2832",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor166",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor165",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2926",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2925",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2862",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2927",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"cve": "CVE-2024-41340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2024-41340",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-024559",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-41340",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024559",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload crafted APP Enforcement modules, leading to arbitrary code execution. vigor165 firmware, vigor166 firmware, vigor2620 firmware etc. DrayTek Corporation The product contains an unrestricted file upload vulnerability of a dangerous type.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-41340"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-41340",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024559",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"id": "VAR-202502-2583",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-06-05T23:01:14.505000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.0
},
{
"problemtype": "Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://draytek.com"
},
{
"trust": 1.8,
"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-41340"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"date": "2025-02-27T21:15:36.923000",
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-04T01:14:00",
"db": "JVNDB",
"id": "JVNDB-2024-024559"
},
{
"date": "2025-06-03T13:52:23.300000",
"db": "NVD",
"id": "CVE-2024-41340"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Unrestricted Upload of Dangerous File Types Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024559"
}
],
"trust": 0.8
}
}
VAR-202502-3527
Vulnerability from variot - Updated: 2025-05-30 23:29Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests. vigor2620 firmware, vigorlte200 firmware, vigor2860 firmware etc. DrayTek Corporation The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-3527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor1000b",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigor2926",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.8"
},
{
"model": "vigor2862",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.8"
},
{
"model": "vigor2133",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.2"
},
{
"model": "vigor2765",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor2865",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.8"
},
{
"model": "vigor2927",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.8"
},
{
"model": "vigor3910",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3"
},
{
"model": "vigor2962",
"scope": "gte",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3"
},
{
"model": "vigor2763",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor2766",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor3912",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigor2832",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.2"
},
{
"model": "vigor2860",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.3"
},
{
"model": "vigor2762",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.2"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigorlte200",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor2135",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.5"
},
{
"model": "vigor2925",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.3"
},
{
"model": "vigor2962",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.9"
},
{
"model": "vigor2866",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5.8"
},
{
"model": "vigor2620",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.9.1"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.3.2"
},
{
"model": "vigor2915",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.4.5"
},
{
"model": "vigor3220",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.5"
},
{
"model": "vigor3910",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "4.3.2.9"
},
{
"model": "vigor2952",
"scope": "lt",
"trust": 1.0,
"vendor": "draytek",
"version": "3.9.8.5"
},
{
"model": "vigor2862",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2927",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2133",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2763",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2925",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2135",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2620",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2765",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2866",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2962",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2766",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor3910",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2860",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2926",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2832",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigorlte200",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2762",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2865",
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"cve": "CVE-2024-51139",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-51139",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-024338",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-51139",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024338",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser\u0027s handling of the \"Content-Length\" header of HTTP POST requests. vigor2620 firmware, vigorlte200 firmware, vigor2860 firmware etc. DrayTek Corporation The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-51139"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-51139",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024338",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"id": "VAR-202502-3527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-05-30T23:29:21.699000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://draytek.com"
},
{
"trust": 1.8,
"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-51139"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"date": "2025-02-27T21:15:37.123000",
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T05:34:00",
"db": "JVNDB",
"id": "JVNDB-2024-024338"
},
{
"date": "2025-05-28T16:23:26.310000",
"db": "NVD",
"id": "CVE-2024-51139"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0DrayTek\u00a0Corporation\u00a0 Classic buffer overflow vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024338"
}
],
"trust": 0.8
}
}