Vigor3910 devices affected by OS command injection vulnerability
CVE-2024-41585

Currently unrated

Key Information:

Vendor: DrayTek
Vendor: CVE Published:; 3 October 2024

Badges

📰 News Worthy

Summary

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.

News Articles

Hackread

CVE-2024-41592 CVE-2024-41585

Critical Vulnerabilities Expose Nearly 1 Million DrayTek Routers - PATCH NOW!

Critical security vulnerabilities exposed in DrayTek Vigor routers: Discover how to protect your network from these serious flaws.

The Register

CVE-2024-41592 CVE-2024-41585

700K+ DrayTek routers are sitting ducks on the internet

Fourteen newly found bugs in DrayTek Vigor routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize...

References

https://www.forescout.com/resources/draytek14-vulnerabili...

https://www.forescout.com/resources/draybreak-draytek-res...

Timeline

Vulnerability published
Oct 3, 2024
📰
First article discovered by The Register
Oct 2, 2024