Lucene search

[email protected]NVD:CVE-2024-46592

HistorySep 18, 2024 - 3:15 p.m.

CVE-2024-46592

2024-09-1815:15:18

CWE-120

[email protected]

web.nvd.nist.gov

draytek vigor 3910

buffer overflow

ssid encryption

denial of service

crafted input

vulnerability

cve-2024-46592

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected configurations

Nvd

Node

draytekvigor3910_firmwareMatch4.3.2.6

AND

draytekvigor3910Match-

VendorProductVersionCPE
draytekvigor3910_firmware4.3.2.6cpe:2.3:o:draytek:vigor3910_firmware:4.3.2.6:*:*:*:*:*:*:*
draytekvigor3910-cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
draytek	vigor3910_firmware	4.3.2.6	cpe:2.3:o:draytek:vigor3910_firmware:4.3.2.6:::::::*
draytek	vigor3910	-	cpe:2.3:h:draytek:vigor3910:-:::::::*

References

ink-desk-28f.notion.site/Draytek-vigor-3910-Analysis-Report-b3b23e150c4f4bab822c3c47fd7b9de9#1fe94a7181d24f5fbe464a5f9417d084

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-46592

vulnrichment1 cvelist1 cve1