Sagemcom F@st 3686 Firmware vulnerabilities
5 known vulnerabilities affecting sagemcom/f_st_3686_firmware.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2019-19494 | P2 | HIGH | CVSS 8.8 | PoC | v3.428.0 | v4.83.0 | 2020-01-09 | CWE-120
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0
nvd
CVE-2025-29329 | P2 | CRITICAL | CVSS 9.8 | v4.121.0 | 2026-01-12 | CWE-120
Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request.
nvd
CVE-2021-3304 | P3 | CRITICAL | CVSS 9.8 | v3.495 | 2021-01-26 | CWE-120
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.
nvd
CVE-2024-1623 | P3 | HIGH | CVSS 7.8 | fixed in 3.709.2 | 2024-03-14 | CWE-613
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.
nvd
CVE-2020-21733 | P4 | MEDIUM | CVSS 6.1 | v1.0_hun_3.97.0 | 2020-09-14 | CWE-79
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
nvd