CVE-2024-46583

Published: Sep 18, 2024Modified: Mar 18, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected (1)

Products: Draytek: Vigor3910 Firmware

Draytek

1 product

Vigor3910 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3910 Firmware	Version 4.3.2.6

Running on/with	Platform Versions
Draytek Vigor3910	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#0f15f2bf2eb448c381255850e43cf96a

Source: cve@mitre.org

Permissions Required

Timeline

No history available yet.