Vulnerability Description
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Draytek | Vigor2620 Firmware | All versions |
| Draytek | Vigor2620 | - |
| Draytek | Vigor2915 Firmware | < 4.4.5.3 |
| Draytek | Vigor2915 | - |
| Draytek | Vigor2866 Firmware | < 4.4.5.2 |
| Draytek | Vigor2866 | - |
| Draytek | Vigor2766 Firmware | < 4.4.5.3 |
| Draytek | Vigor2766 | - |
| Draytek | Vigor2865 Firmware | < 4.4.5.2 |
| Draytek | Vigor2865 | - |
| Draytek | Vigor2765 Firmware | < 4.4.5.3 |
| Draytek | Vigor2765 | - |
| Draytek | Vigor2763 Firmware | < 4.4.5.3 |
| Draytek | Vigor2763 | - |
| Draytek | Vigor2135 Firmware | < 4.4.5.3 |
| Draytek | Vigor2135 | - |
| Draytek | Vigor166 Firmware | < 4.2.7 |
| Draytek | Vigor166 | - |
| Draytek | Vigor3912 Firmware | < 4.3.6.1 |
| Draytek | Vigor3912 | - |
Related Weaknesses (CWE)
References
- https://www.forescout.com/resources/draybreak-draytek-research/ (Mitigation, Technical Description, Third Party Advisory)
- https://www.forescout.com/resources/draytek14-vulnerabilities (Broken Link)
FAQ
What is CVE-2024-41596?
CVE-2024-41596 is a vulnerability with a CVSS score of 8.0 (HIGH). Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
How severe is CVE-2024-41596?
CVE-2024-41596 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-41596?
Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2620 Firmware, Draytek Vigor2620, Draytek Vigor2915 Firmware, Draytek Vigor2915, Draytek Vigor2866 Firmware.