CVE-2024-46592

Published: Sep 18, 2024Modified: Mar 18, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected (1)

Products: Draytek: Vigor3910 Firmware

Draytek

1 product

Vigor3910 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3910 Firmware	Version 4.3.2.6

Running on/with	Platform Versions
Draytek Vigor3910	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#1fe94a7181d24f5fbe464a5f9417d084

Source: cve@mitre.org

Permissions Required

Timeline

No history available yet.