Buffer Overflow in sProfileName Parameter at usergrp.cgi Causes Denial of Service
CVE-2024-46585

7.5HIGH

Key Information:

Vendor: Draytek
Status: Vigor3910 Firmware
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-46585?

The Draytek Vigor 3910, specifically version 4.3.2.6, is susceptible to a buffer overflow vulnerability found within the sProfileName parameter at usergrp.cgi. This flaw can allow malicious actors to send specially crafted input that leads to a Denial of Service (DoS), potentially disrupting the normal operation of the device. Network administrators should be vigilant and consider best practices for securing their devices against possible exploit attempts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analy...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2024

JSON

Draytek

What is CVE-2024-46585?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.