Buffer Overflow Vulnerability in DrayTek Vigor3910 Endpoints
CVE-2024-41588

Currently unrated

Key Information:

Vendor: DrayTek
Status: Vigor2620 Firmware
Vendor: CVE Published:; 3 October 2024

What is CVE-2024-41588?

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.

References

https://www.forescout.com/resources/draytek14-vulnerabili...

https://www.forescout.com/resources/draybreak-draytek-res...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2024