CVE-2024-41588

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-41588
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.

8.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.forescout.com/resources/draybreak-draytek-research/
https://www.forescout.com/resources/draytek14-vulnerabilities
Configurations

No configuration.

History

07 Oct 2024, 19:37

Type Values Removed Values Added
CWE CWE-120
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.0

04 Oct 2024, 13:50

Type Values Removed Values Added
Summary
  • (es) Los endpoints CGI v2x00.cgi y cgiwcg.cgi de los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 son vulnerables a desbordamientos de búfer, por parte de usuarios autenticados, debido a la falta de verificación de los límites en los parámetros pasados a través de solicitudes POST a la función strncpy.

03 Oct 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-03 19:15

Updated : 2024-10-07 19:37

NVD link : CVE-2024-41588

Mitre link : CVE-2024-41588

CVE.ORG link : CVE-2024-41588

JSON object : View

Products Affected

No product.

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024