Описание
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
Затрагиваемое ПО
Draytek Vigor2952 firmwareDraytek Vigor2952Draytek Vigor2620 firmwareDraytek Vigor2620Draytek Vigor2915 firmwareDraytek Vigor2915Draytek Vigor2866 firmwareDraytek Vigor2866Draytek Vigor2766 firmwareDraytek Vigor2766Draytek Vigor2865 firmwareDraytek Vigor2865Draytek Vigor2765 firmwareDraytek Vigor2765Draytek Vigor2763 firmwareDraytek Vigor2763Draytek Vigor2135 firmwareDraytek Vigor2135Draytek Vigor166 firmwareDraytek Vigor166Draytek Vigor3912 firmwareDraytek Vigor3912Draytek Vigor1000b firmwareDraytek Vigor1000bDraytek Vigor165 firmware
CVSS
| Балл | 8 — высокая |
| Вектор | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Источники
https://www.forescout.com/resources/draybreak-draytek-research/https://www.forescout.com/resources/draytek14-vulnerabilities