Buffer Overflow in sProfileName Parameter at usergrp.cgi Causes Denial of Service
CVE-2024-46585

7.5HIGH

Key Information:

Vendor
Draytek
Status
Vigor3910 Firmware
Vendor
CVE Published:
18 September 2024

Summary

The Draytek Vigor 3910, specifically version 4.3.2.6, is susceptible to a buffer overflow vulnerability found within the sProfileName parameter at usergrp.cgi. This flaw can allow malicious actors to send specially crafted input that leads to a Denial of Service (DoS), potentially disrupting the normal operation of the device. Network administrators should be vigilant and consider best practices for securing their devices against possible exploit attempts.

References

https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analy...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-46585 : Buffer Overflow in sProfileName Parameter at usergrp.cgi Causes Denial of Service | SecurityVulnerability.io