CVE-2024-41596

HIGH

Draytek Vigor2620 Firmware < 4.4.5.3 - Buffer Overflow

Title source: rule

Description

Buffer overflow vulnerabilities exist in DrayTek Vigor310 devices through firmware 4.3.2.6 (in the Vigor management web UI) because CGI form parameters are retrieved and handled without checking their size against the destination buffer (CWE-120). The description names only the Vigor310, but the affected-products list below covers 24 DrayTek models, each with its own fixed firmware version; check the entry for the specific model.
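The weakness class the description points at (CWE-120, a CGI form value copied into a fixed-size buffer without a size check) is easier to recognise in code than in prose. The following is an added illustration written for this page, not DrayTek code and not derived from the vulnerable firmware: it implements a minimal query-string parameter lookup, shows the unchecked copy that constitutes the bug, and beside it the hardened version that rejects values which do not fit. The buffer size, parameter names and request strings are all constructed for the example; URL-decoding is deliberately omitted.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Fixed-size destination, as is typical in embedded CGI handlers.
 * The size is an assumption for this example. */
#define PARAM_MAX 32

/* Locate the value of `name` in a query string of the form "a=1&b=2".
 * Returns a pointer to the first byte of the value and stores its length
 * (up to the next '&' or the end of the string) in *len, or NULL if the
 * parameter is absent.  Requires an exact key match: "tokens" does not
 * match "token". */
static const char *find_param(const char *query, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && p[nlen] == '=' && strncmp(p, name, nlen) == 0) {
            *len = plen - nlen - 1;
            return p + nlen + 1;
        }
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* CWE-120 pattern: the value length is never compared with PARAM_MAX, so
 * a form field longer than 31 bytes writes past the end of `out`.
 * Shown for contrast only; nothing in this example calls it. */
int get_param_unsafe(const char *query, const char *name, char out[PARAM_MAX])
{
    size_t len;
    const char *v = find_param(query, name, &len);
    if (!v)
        return -1;
    memcpy(out, v, len);          /* no bound check against PARAM_MAX */
    out[len] = '\0';
    return 0;
}

/* Hardened form: reject, rather than silently truncate, any value that
 * does not fit together with its terminator.  Return codes:
 *   0  value copied, -1 parameter missing, -2 value too long. */
int get_param_safe(const char *query, const char *name, char out[PARAM_MAX])
{
    size_t len;
    const char *v = find_param(query, name, &len);
    if (!v)
        return -1;
    if (len >= PARAM_MAX)
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Stand-alone demonstration on two constructed requests. */
int main(void)
{
    char buf[PARAM_MAX];
    const char *benign = "user=admin&token=abc";
    const char *hostile = "user=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&x=1";

    printf("benign token  -> rc=%d value=\"%s\"\n",
           get_param_safe(benign, "token", buf), buf);
    printf("hostile user  -> rc=%d (rejected before any copy)\n",
           get_param_safe(hostile, "user", buf));
    printf("missing param -> rc=%d\n", get_param_safe(benign, "pw", buf));
    return 0;
}
```

The point of the hardened version is that the check happens before any byte is written and that an over-long value is an error the caller can log, not something to truncate and continue with; truncation would keep the UI working on malformed input, which is exactly the behaviour an attacker probes for.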

References (2)

Core references (2; one listed on this page)
- https://www.forescout.com/resources/draybreak-draytek-research/ (Mitigation, Technical Description, Third Party Advisory)

Scores

CVSS v3.1 base score: 8.0 (High)
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: ADJACENT_NETWORK
EPSS: 0.0006 (percentile 18.9%)

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE
CWE-120
Status published
Products (24)
draytek/vigor1000b_firmware < 4.3.2.8
draytek/vigor165_firmware < 4.2.7
draytek/vigor166_firmware < 4.2.7
draytek/vigor2133_firmware
draytek/vigor2135_firmware < 4.4.5.3
draytek/vigor2620_firmware
draytek/vigor2762_firmware
draytek/vigor2763_firmware < 4.4.5.3
draytek/vigor2765_firmware < 4.4.5.3
draytek/vigor2766_firmware < 4.4.5.3
... and 14 more
Published Oct 03, 2024
Tracked Since Feb 18, 2026