Vigor3912_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Vigor3912_firmware
(Draytek)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	14

Date	Id	Summary	Products	Score	Patch	Annotated
2024-10-03	CVE-2024-41588	The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	N/A
2024-10-03	CVE-2024-41590	Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	N/A
2024-10-03	CVE-2024-41596	Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	N/A
2024-10-03	CVE-2024-41592	DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.	Vigor1000b_firmware, Vigor165_firmware, Vigor166_firmware, Vigor2133_firmware, Vigor2135_firmware, Vigor2620_firmware, Vigor2762_firmware, Vigor2763_firmware, Vigor2765_firmware, Vigor2766_firmware, Vigor2832_firmware, Vigor2860_firmware, Vigor2862_firmware, Vigor2865_firmware, Vigor2866_firmware, Vigor2915_firmware, Vigor2925_firmware, Vigor2926_firmware, Vigor2952_firmware, Vigor2962_firmware, Vigor3220_firmware, Vigor3910_firmware, Vigor3912_firmware, Vigorlte200_firmware	N/A