PT-2024-32046 · Draytek · Draytek Vigor 3910
Published
2024-09-18
·
Updated
2024-09-24
·
CVE-2024-46565
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Draytek Vigor 3910 version 4.3.2.6
Description
A buffer overflow issue was discovered in the
sSrvName parameter at the "service.cgi" endpoint. This issue allows attackers to cause a Denial of Service (DoS) via a crafted input.Recommendations
For Draytek Vigor 3910 version 4.3.2.6, as a temporary workaround, consider restricting access to the "service.cgi" endpoint to minimize the risk of exploitation. Avoid using the
sSrvName parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Draytek Vigor 3910