9.8
CVE-2020-14473
- EPSS 2.3%
- Veröffentlicht 24.06.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginStack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Draytek ≫ Vigor300b Firmware Version < 1.5.1.1
Draytek ≫ Vigor2960 Firmware Version < 1.5.1.1
Draytek ≫ Vigor3900 Firmware Version < 1.5.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.3% | 0.811 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29
https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md