CVE-2024-41590
High
Published: 03 October 2024
Modified: 11 June 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2024-41590 is a high-severity stack-based buffer overflow (CWE-121) in DrayTek Vigor router firmware (Vigor1000B and the other models listed under Affected Assets). Its CVSS v3.1 base score is 8.0 (High): the vector requires adjacent-network access and a low-privilege (authenticated) account, needs no user interaction, and yields full loss of confidentiality, integrity and availability on the device.
Operationally, it sits at the 29.0th percentile of EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-39087
Vulnerability details
Several CGI endpoints on DrayTek Vigor310 devices running firmware through 4.3.2.6 are vulnerable to stack-based buffer overflows by authenticated users: parameters supplied in POST requests are passed to strcpy without any bounds checking, so an over-long parameter value overruns the handler's fixed-size stack buffer.
- CWE(s): CWE-121 Stack-based Buffer Overflow
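As an added example (not DrayTek's code and not taken from the advisory), the C below shows the pattern the description names, a POST parameter copied into a fixed-size stack buffer with strcpy, next to a hardened handler that measures and rejects before copying. The `hostname` parameter, the 64-byte buffer, the form parser and the sample request bodies are assumptions made for illustration; the advisory does not name the real endpoints or parameters.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PARAM_BUF_LEN 64   /* hypothetical size of the handler's stack buffer */

/* Copy n bytes of s into a new NUL-terminated heap string. Caller frees. */
static char *dup_range(const char *s, size_t n)
{
    char *out = malloc(n + 1);
    if (!out) return NULL;
    memcpy(out, s, n);
    out[n] = '\0';
    return out;
}

/* Return the value of `key` from an application/x-www-form-urlencoded POST
 * body (no percent-decoding; enough for the demo), or NULL if absent. */
static char *form_value(const char *body, const char *key)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (*p) {
        const char *amp = strchr(p, '&');
        size_t plen = amp ? (size_t)(amp - p) : strlen(p);
        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=')
            return dup_range(p + klen + 1, plen - klen - 1);
        if (!amp) break;
        p = amp + 1;
    }
    return NULL;
}

/* Vulnerable pattern (CWE-121): the POST parameter goes straight into a
 * fixed-size stack buffer via strcpy. Any value of PARAM_BUF_LEN bytes or
 * more writes past buf, over the saved registers and return address.
 * Returns the copied length, or -1 if the parameter is missing.
 * "hostname" is a hypothetical parameter name, not one from the advisory. */
int handle_vulnerable(const char *body)
{
    char buf[PARAM_BUF_LEN];
    char *val = form_value(body, "hostname");
    if (!val) return -1;
    strcpy(buf, val);                 /* no bounds check: the bug */
    free(val);
    return (int)strlen(buf);
}

/* The check handle_vulnerable omits, factored out so a request can be
 * classified as overflowing or not without executing the overflow. */
int would_overflow(const char *body)
{
    char *val = form_value(body, "hostname");
    if (!val) return 0;
    int over = strlen(val) >= (size_t)PARAM_BUF_LEN;
    free(val);
    return over;
}

/* Hardened form: measure first, refuse anything that does not fit together
 * with its NUL terminator, and copy a known length instead of trusting the
 * source string. Returns the copied length, -1 if missing, -2 if rejected. */
int handle_hardened(const char *body)
{
    char buf[PARAM_BUF_LEN];
    char *val = form_value(body, "hostname");
    if (!val) return -1;
    size_t n = strlen(val);
    if (n >= sizeof buf) {            /* reject, do not silently truncate */
        free(val);
        return -2;
    }
    memcpy(buf, val, n + 1);
    free(val);
    return (int)n;
}

/* Constructed POST body whose hostname value is n bytes of 'A'. Caller frees. */
char *make_body(size_t n)
{
    const char *prefix = "user=admin&hostname=";
    size_t pl = strlen(prefix);
    char *b = malloc(pl + n + 1);
    if (!b) return NULL;
    memcpy(b, prefix, pl);
    memset(b + pl, 'A', n);
    b[pl + n] = '\0';
    return b;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic; the oversized one
     * only reaches the classifier and the hardened handler, never strcpy. */
    const char *ok = "user=admin&hostname=vigor-lab&x=1";
    char *big = make_body(200);
    printf("benign: vuln=%d hard=%d over=%d\n", handle_vulnerable(ok),
           handle_hardened(ok), would_overflow(ok));
    printf("200-byte: hard=%d over=%d\n", handle_hardened(big), would_overflow(big));
    free(big);
    return 0;
}
```

The boundary to watch is `n >= sizeof buf`, not `n > sizeof buf`: a value of exactly 64 bytes still needs a 65th byte for the terminator, and that one byte is enough to corrupt whatever sits above the buffer. Rejecting rather than truncating with strncpy avoids a second class of bugs (unterminated strings, silently altered configuration) that truncation introduces. On a real device the preconditions from the CVSS vector still apply: the request has to come from an authenticated session on an adjacent network, so credential hygiene and management-plane isolation are the practical mitigations until patched firmware is applied.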
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets (vendor: draytek; product, affected firmware versions)
- vigor2765 firmware: ≤ 4.4.5.3
- vigor2763 firmware: ≤ 4.4.5.3
- vigor2135 firmware: ≤ 4.4.5.3
- vigor166 firmware: ≤ 4.2.7
- vigor3912 firmware: ≤ 4.3.6.1
- vigor1000b firmware: ≤ 4.3.2.8; 4.4.0.0 through 4.4.3.1
- vigor165 firmware: ≤ 4.2.7
- vigor3910 firmware: ≤ 4.3.2.8; 4.4.0.0 through 4.4.3.1
- vigor2962 firmware: ≤ 4.3.2.8; 4.4.0.0 through 4.4.3.1
- vigorlte200 firmware: all versions
+14 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.