Buffer Overflow Vulnerability in Draytek Vigor 3910 Router
CVE-2024-46551

7.5HIGH

Key Information:

Vendor: Draytek
Status: Vigor3910 Firmware
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-46551?

A buffer overflow vulnerability has been identified in the Draytek Vigor 3910 router, specifically in the sBPA_Pwd parameter found at inet15.cgi. This flaw permits attackers to exploit the router, potentially leading to a Denial of Service (DoS). By sending specially crafted input, an attacker may disrupt the normal operations of the router, impairing its availability and functionality for legitimate users. Given the significance of routers in network security, it is vital for users to address this vulnerability promptly.

References

https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analy...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024