#VU97981 Buffer overflow in DrayTek Corp. products - CVE-2024-41586


Vulnerability identifier: #VU97981

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41586

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vigor 1000B
Hardware solutions / Routers for home users
Vigor 2962
Hardware solutions / Routers for home users
Vigor 3910
Hardware solutions / Routers for home users
Vigor 3912
Hardware solutions / Routers for home users
Vigor 165
Hardware solutions / Routers for home users
Vigor 166
Hardware solutions / Routers for home users
Vigor 2135
Hardware solutions / Routers for home users
Vigor 2763
Hardware solutions / Routers for home users
Vigor 2765
Hardware solutions / Routers for home users
Vigor 2766
Hardware solutions / Routers for home users
Vigor 2865
Hardware solutions / Routers for home users
Vigor 2866
Hardware solutions / Routers for home users
Vigor 2915
Hardware solutions / Routers for home users
Vigor 2620
Hardware solutions / Routers for home users
Vigor LTE200
Hardware solutions / Routers for home users
Vigor 2133
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 2762
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 2860
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 2925
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 2862
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 2926
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 2952
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 3220
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor 2832
Hardware solutions / Security hardware appliances

Vendor: DrayTek Corp.

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the /cgi-bin/ipfedr.cgi script of the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2


External links
https://www.forescout.com/resources/draybreak-draytek-research/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

