admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-415xx/CVE-2024-41590.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

64 lines
2.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-41590",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-03T19:15:04.487",
"lastModified": "2024-10-07T19:37:16.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6."
},
{
"lang": "es",
"value": "Varios endpoints de CGI son vulnerables a desbordamientos de b\u00fafer, por parte de usuarios autenticados, debido a la falta de verificaci\u00f3n de los l\u00edmites en los par\u00e1metros pasados a trav\u00e9s de solicitudes POST a la funci\u00f3n strcpy en dispositivos DrayTek Vigor310 hasta 4.3.2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/",
"source": "cve@mitre.org"
},
{
"url": "https://www.forescout.com/resources/draytek14-vulnerabilities",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink