Is CVE-2024-41590 actively exploited?

CVE-2024-41590 has no public evidence of in-the-wild exploitation as of 2025-06-11.

What is the CVSS score for CVE-2024-41590?

CVE-2024-41590 has a CVSS score of 8 (HIGH severity). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-41590?

Patch guidance is available from draytek security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-41590.

Fix CVE-2024-41590 - HIGH draytek vigor2765 firmware

Q: Which products are affected by CVE-2024-41590?

27 products: draytek vigor2765 firmware, draytek vigor2763 firmware, draytek vigor2135 firmware, draytek vigor166 firmware, draytek vigor3912 firmware, and 22 more.

Description

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-121

Metadata

Primary Vendor: DRAYTEK
Published: 10/3/2024
Last Modified: 6/11/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

draytek : vigor2765_firmwaredraytek : vigor2763_firmwaredraytek : vigor2135_firmwaredraytek : vigor166_firmwaredraytek : vigor3912_firmwaredraytek : vigor1000b_firmwaredraytek : vigor1000b_firmwaredraytek : vigor165_firmwaredraytek : vigor3910_firmwaredraytek : vigor3910_firmwaredraytek : vigor2962_firmwaredraytek : vigor2962_firmwaredraytek : vigorlte200_firmwaredraytek : vigor2133_firmwaredraytek : vigor2762_firmwaredraytek : vigor2832_firmwaredraytek : vigor2860_firmwaredraytek : vigor2862_firmwaredraytek : vigor2925_firmwaredraytek : vigor2926_firmwaredraytek : vigor2952_firmwaredraytek : vigor3220_firmwaredraytek : vigor2620_firmwaredraytek : vigor2915_firmwaredraytek : vigor2866_firmwaredraytek : vigor2766_firmwaredraytek : vigor2865_firmware

Remediation Guidance

Executive Summary

View on NIST NVD