VYPR
Critical severity9.8NVD Advisory· Published Oct 3, 2024· Updated Jun 17, 2026

CVE-2024-41593

CVE-2024-41593

Description

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.

Affected products

2
  • Draytek/Vigor3910cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=4.3.2.6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.