Description
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
Configuration 18 [-]
| AND |
|
Configuration 19 [-]
| AND |
|
Configuration 20 [-]
| AND |
|
Configuration 21 [-]
| AND |
|
Configuration 22 [-]
| AND |
|
Configuration 23 [-]
| AND |
|
Configuration 24 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 11 Jun 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Draytek vigor1000b
Draytek vigor1000b Firmware Draytek vigor165 Draytek vigor165 Firmware Draytek vigor166 Draytek vigor166 Firmware Draytek vigor2133 Draytek vigor2133 Firmware Draytek vigor2135 Draytek vigor2135 Firmware Draytek vigor2620 Draytek vigor2620 Firmware Draytek vigor2762 Draytek vigor2762 Firmware Draytek vigor2763 Draytek vigor2763 Firmware Draytek vigor2765 Draytek vigor2765 Firmware Draytek vigor2766 Draytek vigor2766 Firmware Draytek vigor2832 Draytek vigor2832 Firmware Draytek vigor2860 Draytek vigor2860 Firmware Draytek vigor2862 Draytek vigor2862 Firmware Draytek vigor2865 Draytek vigor2865 Firmware Draytek vigor2866 Draytek vigor2866 Firmware Draytek vigor2915 Draytek vigor2915 Firmware Draytek vigor2925 Draytek vigor2925 Firmware Draytek vigor2926 Draytek vigor2926 Firmware Draytek vigor2952 Draytek vigor2952 Firmware Draytek vigor2962 Draytek vigor2962 Firmware Draytek vigor3220 Draytek vigor3220 Firmware Draytek vigor3910 Draytek vigor3912 Draytek vigor3912 Firmware Draytek vigorlte200 Draytek vigorlte200 Firmware |
|
| CPEs | cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:* cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Draytek vigor1000b
Draytek vigor1000b Firmware Draytek vigor165 Draytek vigor165 Firmware Draytek vigor166 Draytek vigor166 Firmware Draytek vigor2133 Draytek vigor2133 Firmware Draytek vigor2135 Draytek vigor2135 Firmware Draytek vigor2620 Draytek vigor2620 Firmware Draytek vigor2762 Draytek vigor2762 Firmware Draytek vigor2763 Draytek vigor2763 Firmware Draytek vigor2765 Draytek vigor2765 Firmware Draytek vigor2766 Draytek vigor2766 Firmware Draytek vigor2832 Draytek vigor2832 Firmware Draytek vigor2860 Draytek vigor2860 Firmware Draytek vigor2862 Draytek vigor2862 Firmware Draytek vigor2865 Draytek vigor2865 Firmware Draytek vigor2866 Draytek vigor2866 Firmware Draytek vigor2915 Draytek vigor2915 Firmware Draytek vigor2925 Draytek vigor2925 Firmware Draytek vigor2926 Draytek vigor2926 Firmware Draytek vigor2952 Draytek vigor2952 Firmware Draytek vigor2962 Draytek vigor2962 Firmware Draytek vigor3220 Draytek vigor3220 Firmware Draytek vigor3910 Draytek vigor3912 Draytek vigor3912 Firmware Draytek vigorlte200 Draytek vigorlte200 Firmware |
Mon, 07 Oct 2024 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Draytek
Draytek vigor3910 Firmware |
|
| Weaknesses | CWE-121 | |
| CPEs | cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Draytek
Draytek vigor3910 Firmware |
|
| Metrics |
cvssV3_1
|
Thu, 03 Oct 2024 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. | |
| References |
|
Subscriptions
Draytek
Subscribe
Vigor1000b
Subscribe
Vigor1000b Firmware
Subscribe
Vigor165
Subscribe
Vigor165 Firmware
Subscribe
Vigor166
Subscribe
Vigor166 Firmware
Subscribe
Vigor2133
Subscribe
Vigor2133 Firmware
Subscribe
Vigor2135
Subscribe
Vigor2135 Firmware
Subscribe
Vigor2620
Subscribe
Vigor2620 Firmware
Subscribe
Vigor2762
Subscribe
Vigor2762 Firmware
Subscribe
Vigor2763
Subscribe
Vigor2763 Firmware
Subscribe
Vigor2765
Subscribe
Vigor2765 Firmware
Subscribe
Vigor2766
Subscribe
Vigor2766 Firmware
Subscribe
Vigor2832
Subscribe
Vigor2832 Firmware
Subscribe
Vigor2860
Subscribe
Vigor2860 Firmware
Subscribe
Vigor2862
Subscribe
Vigor2862 Firmware
Subscribe
Vigor2865
Subscribe
Vigor2865 Firmware
Subscribe
Vigor2866
Subscribe
Vigor2866 Firmware
Subscribe
Vigor2915
Subscribe
Vigor2915 Firmware
Subscribe
Vigor2925
Subscribe
Vigor2925 Firmware
Subscribe
Vigor2926
Subscribe
Vigor2926 Firmware
Subscribe
Vigor2952
Subscribe
Vigor2952 Firmware
Subscribe
Vigor2962
Subscribe
Vigor2962 Firmware
Subscribe
Vigor3220
Subscribe
Vigor3220 Firmware
Subscribe
Vigor3910
Subscribe
Vigor3910 Firmware
Subscribe
Vigor3912
Subscribe
Vigor3912 Firmware
Subscribe
Vigorlte200
Subscribe
Vigorlte200 Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-10-03T20:38:44.420Z
Reserved: 2024-07-18T00:00:00.000Z
Link: CVE-2024-41590
Vulnrichment
Updated: 2024-10-03T20:38:23.701Z
NVD
Status : Analyzed
Published: 2024-10-03T19:15:04.487
Modified: 2025-06-11T13:49:57.290
Link: CVE-2024-41590
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses