Vulnerability Description
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Draytek | Vigor2765 Firmware | < 4.4.5.3 |
| Draytek | Vigor2765 | - |
| Draytek | Vigor2763 Firmware | < 4.4.5.3 |
| Draytek | Vigor2763 | - |
| Draytek | Vigor2135 Firmware | < 4.4.5.3 |
| Draytek | Vigor2135 | - |
| Draytek | Vigor166 Firmware | < 4.2.7 |
| Draytek | Vigor166 | - |
| Draytek | Vigor3912 Firmware | < 4.3.6.1 |
| Draytek | Vigor3912 | - |
| Draytek | Vigor1000B Firmware | < 4.3.2.8 |
| Draytek | Vigor1000B | - |
| Draytek | Vigor165 Firmware | < 4.2.7 |
| Draytek | Vigor165 | - |
| Draytek | Vigor3910 Firmware | < 4.3.2.8 |
| Draytek | Vigor3910 | - |
| Draytek | Vigor2962 Firmware | < 4.3.2.8 |
| Draytek | Vigor2962 | - |
| Draytek | Vigorlte200 Firmware | All versions |
| Draytek | Vigorlte200 | - |
Related Weaknesses (CWE)
References
- https://www.forescout.com/resources/draybreak-draytek-research/MitigationTechnical DescriptionThird Party Advisory
- https://www.forescout.com/resources/draytek14-vulnerabilitiesBroken Link
FAQ
What is CVE-2024-41590?
CVE-2024-41590 is a vulnerability with a CVSS score of 8.0 (HIGH). Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor3...
How severe is CVE-2024-41590?
CVE-2024-41590 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-41590?
Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2765 Firmware, Draytek Vigor2765, Draytek Vigor2763 Firmware, Draytek Vigor2763, Draytek Vigor2135 Firmware.