ГлавнаяУязвимости → CVE-2024-41588
8высокая

CVE-2024-41588

Описание

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.

Затрагиваемое ПО
Draytek Vigor2620 firmwareDraytek Vigor2620Draytek Vigor2915 firmwareDraytek Vigor2915Draytek Vigor2866 firmwareDraytek Vigor2866Draytek Vigor2766 firmwareDraytek Vigor2766Draytek Vigor2865 firmwareDraytek Vigor2865Draytek Vigor2765 firmwareDraytek Vigor2765Draytek Vigor2763 firmwareDraytek Vigor2763Draytek Vigor2135 firmwareDraytek Vigor2135Draytek Vigor166 firmwareDraytek Vigor166Draytek Vigor3912 firmwareDraytek Vigor3912Draytek Vigor1000b firmwareDraytek Vigor1000bDraytek Vigor165 firmwareDraytek Vigor165Draytek Vigor3910 firmware
CVSS
Балл8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.forescout.com/resources/draybreak-draytek-research/https://www.forescout.com/resources/draytek14-vulnerabilities