ID

VAR-202410-0861


CVE

CVE-2024-41590


TITLE

Stack-based buffer overflow vulnerability in multiple DrayTek Corporation products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024980

DESCRIPTION

Several CGI endpoints on DrayTek Vigor310 devices through 4.3.2.6 are vulnerable to buffer overflows, exploitable by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function. Multiple DrayTek Corporation products, including the vigor2765, vigor2763 and vigor2135 firmware, contain a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-41590 // JVNDB: JVNDB-2024-024980

AFFECTED PRODUCTS

vendor: draytek, model: vigor3910, scope: lt, version: 4.4.3.1

Trust: 1.0

vendor: draytek, model: vigorlte200, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor2952, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor1000b, scope: lt, version: 4.4.3.1

Trust: 1.0

vendor: draytek, model: vigor2865, scope: lt, version: 4.4.5.2

Trust: 1.0

vendor: draytek, model: vigor2860, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor2135, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2866, scope: lt, version: 4.4.5.2

Trust: 1.0

vendor: draytek, model: vigor2762, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor3910, scope: lt, version: 4.3.2.8

Trust: 1.0

vendor: draytek, model: vigor2962, scope: lt, version: 4.4.3.1

Trust: 1.0

vendor: draytek, model: vigor1000b, scope: lt, version: 4.3.2.8

Trust: 1.0

vendor: draytek, model: vigor2620, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor2763, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2962, scope: gte, version: 4.4.0.0

Trust: 1.0

vendor: draytek, model: vigor2962, scope: lt, version: 4.3.2.8

Trust: 1.0

vendor: draytek, model: vigor2765, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2926, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor3220, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor2766, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor165, scope: lt, version: 4.2.7

Trust: 1.0

vendor: draytek, model: vigor2832, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor2925, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor2915, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2133, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor3912, scope: lt, version: 4.3.6.1

Trust: 1.0

vendor: draytek, model: vigor1000b, scope: gte, version: 4.4.0.0

Trust: 1.0

vendor: draytek, model: vigor166, scope: lt, version: 4.2.7

Trust: 1.0

vendor: draytek, model: vigor2862, scope: eq, version: *

Trust: 1.0

vendor: draytek, model: vigor3910, scope: gte, version: 4.4.0.0

Trust: 1.0

vendor: draytek, model: vigor2135, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor1000b, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2860, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor3912, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor3910, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2765, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2926, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigorlte200, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2762, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2133, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2832, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor165, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2925, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2962, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor166, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2763, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2862, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-024980 // NVD: CVE-2024-41590

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41590
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-024980
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41590
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024980
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-024980 // NVD: CVE-2024-41590

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024980 // NVD: CVE-2024-41590

EXTERNAL IDS

db: NVD, id: CVE-2024-41590

Trust: 2.6

db: JVNDB, id: JVNDB-2024-024980

Trust: 0.8

sources: JVNDB: JVNDB-2024-024980 // NVD: CVE-2024-41590

REFERENCES

url:https://www.forescout.com/resources/draybreak-draytek-research/

Trust: 1.8

url:https://www.forescout.com/resources/draytek14-vulnerabilities

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-41590

Trust: 0.8

sources: JVNDB: JVNDB-2024-024980 // NVD: CVE-2024-41590

SOURCES

db: JVNDB, id: JVNDB-2024-024980
db: NVD, id: CVE-2024-41590

LAST UPDATE DATE

2025-06-14T23:01:59.260000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-024980, date: 2025-06-12T05:12:00
db: NVD, id: CVE-2024-41590, date: 2025-06-11T13:49:57.290

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-024980, date: 2025-06-12T00:00:00
db: NVD, id: CVE-2024-41590, date: 2024-10-03T19:15:04.487