PT-2024-20034 · Draytek · Draytek Vigor 3910
Published
2024-03-20
·
Updated
2025-05-23
·
CVE-2024-23721
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Draytek Vigor3910 version 4.3.2.5
Description
A Directory Traversal issue was discovered in the
process post function. When sending a certain POST request, it calls the function and exports information.Recommendations
For Draytek Vigor3910 version 4.3.2.5, consider restricting access to the
process post function until a patch is available. Avoid sending specific POST requests that may trigger the Directory Traversal issue.Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Draytek Vigor 3910