cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12987,https://securityvulnerability.io/vulnerability/CVE-2024-12987,Web Management Interface Command Injection Vulnerability in DrayTek Vigor Devices,"A remote command injection vulnerability has been identified within the web management interface of DrayTek's Vigor2960 and Vigor300B devices. This vulnerability arises from improper manipulation of the session argument in the file located at /cgi-bin/mainfunction.cgi/apmcfgupload. Attackers can exploit this flaw remotely to execute arbitrary operating system commands on the vulnerable device, potentially compromising its integrity and security. Users are strongly advised to upgrade to the latest version, 1.5.1.5, to mitigate this risk and enhance their system's defense against such attacks.",Draytek,"Vigor2960,Vigor300b",,,0.0004600000102072954,false,,false,false,true,2024-12-27T16:00:13.000Z,true,false,false,,2024-12-27T16:00:13.600Z,238
CVE-2024-12986,https://securityvulnerability.io/vulnerability/CVE-2024-12986,OS Command Injection Vulnerability in DrayTek Vigor2960 and Vigor300B,"A vulnerability has been identified within the web management interface of DrayTek Vigor2960 and Vigor300B devices that allows for OS command injection through improper handling of the session argument in the /cgi-bin/mainfunction.cgi/apmcfgupptim file. This flaw could potentially be exploited remotely, enabling attackers to execute arbitrary commands on the underlying operating system. Affected users are strongly encouraged to upgrade their devices to version 1.5.1.5 to mitigate the risk associated with this vulnerability. Awareness and prompt action can prevent unauthorized access and maintain the integrity of network devices.",Draytek,"Vigor2960,Vigor300b",6.9,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-12-27T15:31:05.000Z,true,false,false,,2024-12-27T15:31:05.003Z,0
CVE-2020-14472,https://securityvulnerability.io/vulnerability/CVE-2020-14472,Command Injection Vulnerabilities in Draytek Vigor Devices,"Draytek's Vigor3900, Vigor2960, and Vigor 300B devices are susceptible to command injection flaws found in the mainfunction.cgi file. These vulnerabilities could allow an attacker to execute arbitrary commands on the affected devices, potentially compromising their security and functionality. It is crucial for users of these devices to apply the necessary updates to mitigate any risks associated with this vulnerability.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.012790000066161156,false,,false,false,false,,,false,false,,2020-06-24T16:51:23.000Z,0
CVE-2020-14473,https://securityvulnerability.io/vulnerability/CVE-2020-14473,Stack-based Buffer Overflow in DrayTek Vigor Routers,"A stack-based buffer overflow vulnerability exists in DrayTek's Vigor3900, Vigor2960, and Vigor300B devices with firmware earlier than version 1.5.1.1. When exploited, this vulnerability could allow attackers to execute arbitrary code, potentially compromising the device's integrity and enabling unauthorized access to the network.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.005590000189840794,false,,false,false,false,,,false,false,,2020-06-24T16:41:51.000Z,0
CVE-2020-14993,https://securityvulnerability.io/vulnerability/CVE-2020-14993,Stack-based Buffer Overflow in DrayTek Vigor Series,"A stack-based buffer overflow vulnerability exists on DrayTek Vigor2960, Vigor3900, and Vigor300B devices prior to version 1.5.1.1. This security flaw allows remote attackers to exploit the formuserphonenumber parameter in an authusersms action via mainfunction.cgi, potentially leading to the execution of arbitrary code. Proper updates and security patches are recommended to mitigate this vulnerability.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.03700000047683716,false,,false,false,false,,,false,false,,2020-06-23T11:50:58.000Z,0
CVE-2020-10828,https://securityvulnerability.io/vulnerability/CVE-2020-10828,Stack-Based Buffer Overflow in Draytek Vigor Devices,"A stack-based buffer overflow vulnerability exists in the cvmd component of Draytek Vigor3900, Vigor2960, and Vigor300B routers prior to version 1.5.1. This flaw enables remote attackers to execute arbitrary code on the affected devices by sending specially crafted HTTP requests. If exploited, this vulnerability could lead to unauthorized access and control over the network, compromising sensitive data and operations.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.01988999918103218,false,,false,false,false,,,false,false,,2020-03-26T16:05:21.000Z,0
CVE-2020-10827,https://securityvulnerability.io/vulnerability/CVE-2020-10827,"Stack-Based Buffer Overflow in Draytek Vigor3900, Vigor2960, and Vigor300B Devices","A stack-based buffer overflow vulnerability exists in the apmd service on Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to version 1.5.1. This flaw enables remote attackers to execute arbitrary code by sending specially crafted HTTP requests, potentially compromising the integrity and confidentiality of the device. Users are advised to update their devices to mitigate this risk.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.01988999918103218,false,,false,false,false,,,false,false,,2020-03-26T16:05:12.000Z,0
CVE-2020-10826,https://securityvulnerability.io/vulnerability/CVE-2020-10826,Command Injection Vulnerability in Draytek Vigor Devices,"A command injection vulnerability has been identified in the /cgi-bin/activate.cgi component of Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to version 1.5.1. This vulnerability enables remote attackers to execute arbitrary commands by sending specially crafted HTTP requests while the device is in DEBUG mode. Proper security measures should be taken to mitigate potential exploitation.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.005249999929219484,false,,false,false,false,,,false,false,,2020-03-26T16:05:03.000Z,0
CVE-2020-10825,https://securityvulnerability.io/vulnerability/CVE-2020-10825,Stack-Based Buffer Overflow in Draytek Vigor Devices,"A stack-based buffer overflow vulnerability exists in the /cgi-bin/activate.cgi component of Draytek Vigor3900, Vigor2960, and Vigor300B devices. This issue arises when handling the 'ticket' parameter during base64 decoding. Attackers can exploit this vulnerability by sending crafted HTTP requests to trigger the overflow, which may lead to unauthorized code execution on the targeted devices.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.01988999918103218,false,,false,false,false,,,false,false,,2020-03-26T16:04:57.000Z,0
CVE-2020-10824,https://securityvulnerability.io/vulnerability/CVE-2020-10824,"Stack-Based Buffer Overflow in Draytek Vigor3900, Vigor2960, and Vigor300B Devices","A stack-based buffer overflow vulnerability exists in the /cgi-bin/activate.cgi component of Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to version 1.5.1. This flaw may allow remote attackers to trigger code execution by crafting a malicious HTTP request that exploits the vulnerable ticket parameter, leading to potential unauthorized access and control over the device.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.01988999918103218,false,,false,false,false,,,false,false,,2020-03-26T16:04:44.000Z,0
CVE-2020-10823,https://securityvulnerability.io/vulnerability/CVE-2020-10823,Stack-based Buffer Overflow in Draytek Vigor Devices,"A stack-based buffer overflow vulnerability has been identified in Draytek Vigor3900, Vigor2960, and Vigor300B devices prior to version 1.5.1. This security flaw resides in the /cgi-bin/activate.cgi component, which processes the 'var' parameter. Attackers can exploit this vulnerability to execute arbitrary code remotely through crafted HTTP requests, potentially compromising the affected devices.",Draytek,Vigor300b Firmware,9.8,CRITICAL,0.01988999918103218,false,,false,false,false,,,false,false,,2020-03-26T16:04:38.000Z,0