CVE-2024-41590

Severity: High
Published: 03 October 2024
Modified: 11 June 2025
KEV Added: not listed
CVSS v3.1: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0011 (29.0th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-41590 is a high-severity stack-based buffer overflow (CWE-121) in DrayTek Vigor router firmware. The NVD description names the Vigor310; the affected-asset list on this page covers a range of Vigor models, including the Vigor1000B. The CVSS v3.1 base score is 8.0 (High): the vector requires adjacent network access (AV:A) and low privileges (PR:L), no user interaction, and rates the impact on confidentiality, integrity and availability as high.

Operationally, its EPSS score of 0.0011 places it at the 29.0th percentile of exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Several CGI endpoints on DrayTek Vigor310 devices running firmware through 4.3.2.6 are vulnerable to buffer overflows by authenticated users: parameters supplied in POST requests are copied with strcpy() into fixed-size buffers without any bounds check against the destination size. Exploitation therefore needs valid credentials (or an authenticated session) for the web management interface and network reachability to it, consistent with the PR:L and AV:A components of the CVSS vector. Note that the fixed version differs per model; the affected-asset list below gives the ranges recorded for each product.

CWE(s)

CWE-121: Stack-based Buffer Overflow
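The defect class described above, as an added illustration that is not DrayTek's code and not taken from the affected firmware: a minimal form-body parser, the unchecked strcpy() pattern that produces a stack-based overflow, and the bounds-checked handler that rejects an over-long parameter instead of copying it. The parameter name (`hostname`), the buffer size `PARAM_MAX`, the helper names and the sample POST bodies are all constructed for the example; the page does not give the real endpoint names or buffer sizes.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Size of the fixed stack buffer a CGI handler copies a POST parameter into.
 * Hypothetical value chosen for the example; the real buffer sizes are not
 * given on the page. */
#define PARAM_MAX 32

/* Vulnerable pattern (CWE-121): strcpy() into a fixed-size stack buffer with
 * no check against sizeof(buf). Any value of PARAM_MAX bytes or more runs past
 * the buffer and into the saved frame. Shown only for contrast; never call it
 * with untrusted input. */
static int copy_param_vulnerable(const char *value)
{
    char buf[PARAM_MAX];
    strcpy(buf, value);
    return (int)strlen(buf);
}

/* Hardened copy: bound the scan to the destination size, refuse anything that
 * does not fit together with its NUL terminator, then copy exactly n+1 bytes. */
static int copy_param_checked(const char *value, char *out, size_t outsz)
{
    const char *nul = memchr(value, '\0', outsz);
    if (nul == NULL)            /* no terminator within outsz bytes: too long */
        return -1;
    size_t n = (size_t)(nul - value);
    memcpy(out, value, n + 1);
    return (int)n;
}

/* Look up `key` in an application/x-www-form-urlencoded body and copy its value
 * into out[outsz] under the same bound. Returns the value length, -1 if the key
 * is absent, -2 if the value would overflow out. Constructed helper: it does no
 * %XX decoding, which a real handler must do before the length check. */
static int form_get(const char *body, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p != NULL && *p != '\0') {
        const char *amp = strchr(p, '&');
        size_t pairlen = amp ? (size_t)(amp - p) : strlen(p);
        if (pairlen > klen && p[klen] == '=' && memcmp(p, key, klen) == 0) {
            size_t vlen = pairlen - klen - 1;
            if (vlen >= outsz)
                return -2;
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = amp ? amp + 1 : NULL;
    }
    return -1;
}

/* Hardened handler shape: an over-long or missing parameter is answered with
 * HTTP 400 and never reaches the stack buffer. Returns the status it would send. */
static int handle_set_hostname(const char *body)
{
    char hostname[PARAM_MAX];
    int n = form_get(body, "hostname", hostname, sizeof hostname);
    if (n < 0)
        return 400;
    /* ... apply the validated hostname ... */
    return 200;
}

int main(void)
{
    /* Constructed sample bodies; the second carries a 40-byte value, larger than PARAM_MAX. */
    const char *ok  = "hostname=vigor-lab&wan=1";
    const char *bad = "hostname=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&wan=1";
    printf("benign request   -> %d\n", handle_set_hostname(ok));
    printf("oversize request -> %d\n", handle_set_hostname(bad));
    /* The unchecked copy behaves identically on benign input, which is why
     * functional testing alone does not surface it. */
    printf("vulnerable copy, benign input -> %d bytes\n", copy_param_vulnerable("vigor-lab"));
    return 0;
}
```

The two checked routines share one rule: decide whether the input fits before a single byte is written, and treat "does not fit" as a protocol error rather than truncating silently. Truncation (for example with strncpy) avoids the overflow but can still change the meaning of the parameter, so rejecting is the safer default for configuration endpoints.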

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   | Product              | Affected versions
draytek  | vigor2765 firmware   | ≤ 4.4.5.3
draytek  | vigor2763 firmware   | ≤ 4.4.5.3
draytek  | vigor2135 firmware   | ≤ 4.4.5.3
draytek  | vigor166 firmware    | ≤ 4.2.7
draytek  | vigor3912 firmware   | ≤ 4.3.6.1
draytek  | vigor1000b firmware  | ≤ 4.3.2.8; 4.4.0.0 to 4.4.3.1
draytek  | vigor165 firmware    | ≤ 4.2.7
draytek  | vigor3910 firmware   | ≤ 4.3.2.8; 4.4.0.0 to 4.4.3.1
draytek  | vigor2962 firmware   | ≤ 4.3.2.8; 4.4.0.0 to 4.4.3.1
draytek  | vigorlte200 firmware | all versions

+14 more product configuration(s); see NVD for the full list.

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.