fkie_cve-2024-41592
Vulnerability from fkie_nvd
Published
2024-10-03 19:15
Modified
2025-06-03 13:52
Severity ?
Summary
DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.forescout.com/resources/draybreak-draytek-research/ | Third Party Advisory, Exploit, Mitigation | |
| cve@mitre.org | https://www.forescout.com/resources/draytek14-vulnerabilities | Broken Link |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4137F610-B3BE-4B74-8409-B91E61C4EEEE",
"versionEndExcluding": "3.9.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7DD492-4294-484D-A4D2-BCCCA152D57F",
"versionEndExcluding": "3.9.8.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E55BCE-BBF0-454B-AE86-45B7298888B3",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89461FD4-897D-44F1-8486-4BCCDE3772DD",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F87D851-15BC-4FC1-8AB7-D5C15B2B74F0",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D46DEC-06AB-489F-A0B5-10C31F80A8C1",
"versionEndExcluding": "4.4.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B1826F9-0258-44DD-A471-113CF55CE563",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A559F44-80F8-44B7-B70F-BA0B78C85283",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AB3320-27F8-4359-AEF8-6B1FDBA67111",
"versionEndExcluding": "4.4.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B9436B-B2FE-4644-BB06-B0537EC23A71",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84670562-F228-40A0-A38D-144EA62556D3",
"versionEndExcluding": "4.3.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBC681E-CD03-49E5-BC3A-E4A7654975A3",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDC93B5-DC0A-4AA4-A340-382F108AE80B",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59521C99-00BA-4503-823E-3FEA44F8DDA0",
"versionEndExcluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B937F11C-FC86-4D6E-A46B-BA2CA0FFCEF7",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2602941C-255F-4289-9043-D396CC4B3192",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0549C870-BE10-441A-B07D-0701915E5A9E",
"versionEndExcluding": "4.3.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1A9825-E419-4740-996A-5928D207FCB6",
"versionEndExcluding": "4.4.3.1",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7845410-6E90-4E92-8029-964A7F77EC57",
"versionEndExcluding": "3.9.8.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0813DB7-4B52-40E1-9D5C-DBF9FA74EFD0",
"versionEndExcluding": "3.9.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B69D1EC-7C33-4367-80BA-4008E8C9A4BE",
"versionEndExcluding": "3.9.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D46E5FF5-6521-4A10-8CC5-34518A38ECFA",
"versionEndExcluding": "3.9.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02588C38-E98C-4553-93C0-535A0C129783",
"versionEndExcluding": "3.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765C62A0-BE3E-4661-8FD6-E9566B7C3C28",
"versionEndExcluding": "3.9.9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43C713BB-02A0-4CD4-A27F-943D5D538444",
"versionEndExcluding": "3.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36FE9F0A-223F-42DC-BCB6-4A7A24A65130",
"versionEndExcluding": "3.9.9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1ADAFE-5F59-4617-A20D-68675AE4AA61",
"versionEndExcluding": "3.9.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs."
},
{
"lang": "es",
"value": "Los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 tienen un desbordamiento basado en pila al procesar par\u00e1metros de cadena de consulta porque GetCGI maneja incorrectamente los caracteres ampersand extra\u00f1os y los pares clave-valor largos."
}
],
"id": "CVE-2024-41592",
"lastModified": "2025-06-03T13:52:04.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-03T19:15:04.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Exploit",
"Mitigation"
],
"url": "https://www.forescout.com/resources/draybreak-draytek-research/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…