CVE-2024-41585

medium

Description

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine.

References

https://www.forescout.com/resources/draytek14-vulnerabilities

https://www.forescout.com/resources/draybreak-draytek-research/

Details

Source: Mitre, NVD

Published: 2024-10-03

Updated: 2025-04-10

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.10174