CVE-2024-41586

CVSS 3.1 Score 8 of 10 (high)

Details

Published: Oct 3, 2024
Updated: Oct 4, 2024
CWE ID 121

Summary

CVE-2024-41586 is a newly disclosed stack-based buffer overflow vulnerability that affects DrayTek Vigor310 devices up to version 4.3.2.6. An attacker can exploit this issue by sending a specially crafted query string to the cgi-bin/ipfedr.cgi component. By overflowing the stack, the attacker gains the ability to execute arbitrary code remotely, potentially leading to unauthorized access or system takeover. This vulnerability poses a significant risk to organizations and individuals using impacted devices, and affected devices should be updated immediately to mitigate the threat.
