Описание
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
Затрагиваемое ПО
Draytek Vigor2765 firmwareDraytek Vigor2765Draytek Vigor2763 firmwareDraytek Vigor2763Draytek Vigor2135 firmwareDraytek Vigor2135Draytek Vigor166 firmwareDraytek Vigor166Draytek Vigor3912 firmwareDraytek Vigor3912Draytek Vigor1000b firmwareDraytek Vigor1000bDraytek Vigor165 firmwareDraytek Vigor165Draytek Vigor3910 firmwareDraytek Vigor3910Draytek Vigor2962 firmwareDraytek Vigor2962Draytek Vigorlte200 firmwareDraytek Vigorlte200Draytek Vigor2133 firmwareDraytek Vigor2133Draytek Vigor2762 firmwareDraytek Vigor2762Draytek Vigor2832 firmware
CVSS
| Балл | 8 — высокая |
| Вектор | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Источники
https://www.forescout.com/resources/draybreak-draytek-research/https://www.forescout.com/resources/draytek14-vulnerabilities