Details of VAR-202410-3388

ID

VAR-202410-3388

CVE

CVE-2024-41596

TITLE

plural DrayTek Corporation Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2024-024991

DESCRIPTION

Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. vigor2620 firmware, vigor2915 firmware, vigor2866 firmware etc. DrayTek Corporation The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-41596 // JVNDB: JVNDB-2024-024991

AFFECTED PRODUCTS

vendor:	draytek	model:	vigor2865	scope:	lt	version:	4.4.5.2	Trust: 1.0
vendor:	draytek	model:	vigor2962	scope:	lt	version:	4.4.3.1	Trust: 1.0
vendor:	draytek	model:	vigor2766	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor1000b	scope:	gte	version:	4.4.0.0	Trust: 1.0
vendor:	draytek	model:	vigor2866	scope:	lt	version:	4.4.5.2	Trust: 1.0
vendor:	draytek	model:	vigor2765	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor166	scope:	lt	version:	4.2.7	Trust: 1.0
vendor:	draytek	model:	vigor2862	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor2952	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor3910	scope:	lt	version:	4.4.3.1	Trust: 1.0
vendor:	draytek	model:	vigor1000b	scope:	lt	version:	4.4.3.1	Trust: 1.0
vendor:	draytek	model:	vigor2763	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor2925	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor2926	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor2620	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigorlte200	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor2832	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor2135	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor3912	scope:	lt	version:	4.3.6.1	Trust: 1.0
vendor:	draytek	model:	vigor2962	scope:	gte	version:	4.4.0.0	Trust: 1.0
vendor:	draytek	model:	vigor2962	scope:	lt	version:	4.3.2.8	Trust: 1.0
vendor:	draytek	model:	vigor3220	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor165	scope:	lt	version:	4.2.7	Trust: 1.0
vendor:	draytek	model:	vigor2915	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor3910	scope:	gte	version:	4.4.0.0	Trust: 1.0
vendor:	draytek	model:	vigor2762	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor3910	scope:	lt	version:	4.3.2.8	Trust: 1.0
vendor:	draytek	model:	vigor2860	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor2133	scope:	eq	version:	*	Trust: 1.0
vendor:	draytek	model:	vigor1000b	scope:	lt	version:	4.3.2.8	Trust: 1.0
vendor:	draytek	model:	vigor2135	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor1000b	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor3912	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor3910	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2765	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigorlte200	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2762	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2133	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor165	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2865	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2620	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor166	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2763	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2962	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2866	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2766	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2915	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-024991 // NVD: CVE-2024-41596

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-41596
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-024991
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-41596
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-024991
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-024991 // NVD: CVE-2024-41596

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-024991 // NVD: CVE-2024-41596

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41596	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-024991	Trust: 0.8

sources: JVNDB: JVNDB-2024-024991 // NVD: CVE-2024-41596

REFERENCES

url:	https://www.forescout.com/resources/draybreak-draytek-research/	Trust: 1.8
url:	https://www.forescout.com/resources/draytek14-vulnerabilities	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-41596	Trust: 0.8

sources: JVNDB: JVNDB-2024-024991 // NVD: CVE-2024-41596

SOURCES

db:	JVNDB	id:	JVNDB-2024-024991
db:	NVD	id:	CVE-2024-41596

LAST UPDATE DATE

2025-06-14T22:55:02.079000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-024991	date:	2025-06-12T05:43:00
db:	NVD	id:	CVE-2024-41596	date:	2025-06-11T13:40:06.773

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-024991	date:	2025-06-12T00:00:00
db:	NVD	id:	CVE-2024-41596	date:	2024-10-03T19:15:04.923