Buffer Overflow Vulnerability in Draytek Vigor 3910 Product
CVE-2024-46554

7.5HIGH

Key Information:

Vendor: Draytek
Status: Vigor3910 Firmware
Vendor: CVE Published:; 18 September 2024

Summary

The Draytek Vigor 3910 running version v4.3.2.6 is affected by a buffer overflow vulnerability in the profname parameter at v2x00.cgi. This issue can be exploited by attackers to execute a Denial of Service (DoS) attack through specially crafted input, resulting in service interruptions and potential disruptions in network operations. Organizations using this device should seek immediate mitigation measures to protect their systems from such threats.

References

https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analy...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2024