Buffer Overflow Vulnerability in Draytek Vigor 3910 Product
CVE-2024-46566

7.5HIGH

Key Information:

Vendor: Draytek
Status: Vigor3910 Firmware
Vendor: CVE Published:; 18 September 2024

Summary

A buffer overflow vulnerability exists in the sAppName parameter within the sslapp.cgi of the Draytek Vigor 3910 version 4.3.2.6. This security flaw enables attackers to exploit the vulnerability by sending specially crafted input, which can lead to a Denial of Service (DoS) condition. Organizations utilizing this product should implement necessary security measures to mitigate potential risks associated with this vulnerability.

References

https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analy...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2024