CVE-2024-41588: Buffer Overflow
First published: Thu Oct 03 2024(Updated: )
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| DrayTek Vigor Routers | <=4.3.2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-41588?
CVE-2024-41588 is classified as a high severity vulnerability due to potential exploitation by authenticated users.
How do I fix CVE-2024-41588?
To fix CVE-2024-41588, update the DrayTek Vigor3910 firmware to version 4.3.2.7 or later.
What impact does CVE-2024-41588 have?
CVE-2024-41588 can lead to buffer overflow attacks, potentially allowing attackers to execute arbitrary code.
Who is affected by CVE-2024-41588?
CVE-2024-41588 affects users of DrayTek Vigor3910 devices running firmware version 4.3.2.6 or earlier.
Is authentication required to exploit CVE-2024-41588?
Yes, authentication is required to exploit CVE-2024-41588, as it targets authenticated users.
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/draytek
- canonical/draytek vigor routers