ГлавнаяУязвимости → CVE-2024-41593
9.8критическая

CVE-2024-41593

Описание

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.

Затрагиваемое ПО
Draytek Vigor3912 firmwareDraytek Vigor3912Draytek Vigor2962 firmwareDraytek Vigor2962Draytek Vigor3910 firmwareDraytek Vigor3910Draytek Vigor165 firmwareDraytek Vigor165Draytek Vigor1000b firmwareDraytek Vigor1000bDraytek Vigor166 firmwareDraytek Vigor166Draytek Vigor2135 firmwareDraytek Vigor2135Draytek Vigor2763 firmwareDraytek Vigor2763Draytek Vigor2765 firmwareDraytek Vigor2765Draytek Vigor2865 firmwareDraytek Vigor2865Draytek Vigor2766 firmwareDraytek Vigor2766Draytek Vigor2866 firmwareDraytek Vigor2866Draytek Vigor2915 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.forescout.com/resources/draybreak-draytek-research/https://www.forescout.com/resources/draytek14-vulnerabilities