Severity Level: medium
Title:
Security Updates- DrayTek
Summary:
- Cross-Site Scripting (XSS), Denial of Service (DoS), and Remote Code Execution: o CVEs: CVE-2024-41583, CVE-2024- 41596 o Successful exploitation could allow an attacker to execute arbitrary code on the affected device, potentially leading to data theft, unauthorized access, or other malicious activities. Additionally, these vulnerabilities could be used to trigger denial-of-service (DoS) conditions."
2. Buffer Overflow Vulnerabilities: o CVEs: CVE-2024-46550, CVE-2024-46568, CVE-2024-46571, CVE-2024-46580, CVE-2024-46586, CVE-2024-46588, CVE-2024-46598 o These vulnerabilities could allow an authenticated attacker to trigger a DoS condition by sending specially crafted input.
Recommendations:
recommends applying the mitigation or workaround provided by DrayTek
References:
click here