CVE-2024-41590 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8 HIGH	ADJACENT_NETWORK	LOW	LOW	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Affected Products (NVD)

Vendor	Product	Version
draytek	vigor2765_firmware	𝑥 < 4.4.5.3
draytek	vigor2763_firmware	𝑥 < 4.4.5.3
draytek	vigor2135_firmware	𝑥 < 4.4.5.3
draytek	vigor166_firmware	𝑥 < 4.2.7
draytek	vigor3912_firmware	𝑥 < 4.3.6.1
draytek	vigor1000b_firmware	𝑥 < 4.3.2.8
draytek	vigor1000b_firmware	4.4.0.0 ≤ 𝑥 < 4.4.3.1
draytek	vigor165_firmware	𝑥 < 4.2.7
draytek	vigor3910_firmware	𝑥 < 4.3.2.8
draytek	vigor3910_firmware	4.4.0.0 ≤ 𝑥 < 4.4.3.1
draytek	vigor2962_firmware	𝑥 < 4.3.2.8
draytek	vigor2962_firmware	4.4.0.0 ≤ 𝑥 < 4.4.3.1
draytek	vigorlte200_firmware	*
draytek	vigor2133_firmware	*
draytek	vigor2762_firmware	*
draytek	vigor2832_firmware	*
draytek	vigor2860_firmware	*
draytek	vigor2862_firmware	*
draytek	vigor2925_firmware	*
draytek	vigor2926_firmware	*
draytek	vigor2952_firmware	*
draytek	vigor3220_firmware	*
draytek	vigor2620_firmware	*
draytek	vigor2915_firmware	𝑥 < 4.4.5.3
draytek	vigor2866_firmware	𝑥 < 4.4.5.2
draytek	vigor2766_firmware	𝑥 < 4.4.5.3
draytek	vigor2865_firmware	𝑥 < 4.4.5.2

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
draytek	vigor3910_firmware	𝑥 ≤ 4.3.2.6	ADP

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://www.forescout.com/resources/draybreak-draytek-research/

https://www.forescout.com/resources/draytek14-vulnerabilities