CVE-2024-41590

8.0 HIGH

📋 TL;DR

Multiple CGI endpoints in DrayTek Vigor310 firmware through 4.3.2.6 copy attacker-supplied POST data into fixed-size buffers with strcpy, with no length check. An attacker who can authenticate to the web management interface can overflow those buffers with a crafted POST request, crashing the device or potentially executing arbitrary code on it. Only Vigor310 devices running firmware through 4.3.2.6 are listed as affected.

💻 Affected Systems

Products:
  • DrayTek Vigor310
Versions: Through 4.3.2.6
Operating Systems: DrayTek proprietary firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable handlers are part of the standard web management interface, so a device in its shipped configuration is affected. A valid login is still required; devices with unchanged default credentials, weak passwords, or the web UI exposed on the WAN side make that requirement easy to satisfy.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution on the router, leading to complete device compromise, pivoting into the networks behind it, and a persistent backdoor in the firmware or configuration.

🟠 Likely Case: The overflowing handler crashes, the device reboots or hangs, and traffic through it stops; a corrupted configuration may require a manual reset or a firmware reflash.

🟢 If Mitigated: With the management interface reachable only from a management network and unique, strong administrator credentials, the attack surface shrinks to the few accounts that can log in. A compromised or malicious administrator can still crash or take over the device until it is patched.

🌐 Internet-Facing: HIGH - These devices are often deployed as internet-facing routers/gateways, making them prime targets.
🏢 Internal Only: MEDIUM - Still significant risk from authenticated internal users or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (a valid login to the web interface is required)
Complexity: LOW

Exploitation requires a valid login, but an overflow through an unbounded strcpy of a POST parameter is a well-understood bug class: the attacker controls both the length and the contents of the copied data, so crashing the handler is trivial, and turning the crash into code execution depends only on which mitigations (stack canaries, NX, ASLR) the firmware build enables.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.2.7 or later (the first release after the affected range; confirm the exact build for your model on the vendor advisory before flashing)

Vendor Advisory: https://www.draytek.com/support/security-advisory/

Restart Required: Yes

Instructions:

1. Download the latest Vigor310 firmware for your exact model and hardware revision from the DrayTek support site, and check its published hash if one is provided.
2. Log into the Vigor310 web interface from the LAN or management network.
3. Navigate to System Maintenance > Firmware Upgrade.
4. Upload the firmware file and apply the update.
5. Reboot the device, then confirm the new version under System Maintenance > Firmware Information.

🔧 Temporary Workarounds

Restrict the management web interface

Applies to: all affected versions

The DrayTek web UI has no switch for individual CGI handlers; they are part of the management interface itself. Instead, disable HTTP/HTTPS management from the WAN side and limit management access to an administrator allow-list (on DrayTek routers this is under System Maintenance > Management), so only trusted hosts can reach the vulnerable endpoints at all.

Network segmentation

Applies to: all affected versions

Place the Vigor310's management interface on a dedicated management VLAN or network, isolate the device from untrusted networks, and block the management ports from every other segment at the firewall.

🧯 If You Can't Patch

  • Use unique, strong credentials for every administrator account, remove unused accounts, and restrict who can authenticate at all, and from where, with the management access list
  • Send the device's logs to an external syslog server so crash and login evidence survives a reboot; monitor for large POST requests to CGI endpoints and rate-limit or block sources that generate them

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface: System Maintenance > Firmware Information

Check Version:

No dedicated CLI command is documented here; read the version from the web interface, or from SNMP sysDescr (OID 1.3.6.1.2.1.1.1.0) if SNMP is enabled, since routers normally report the model and firmware string there

Verify Fix Applied:

Verify firmware version is 4.3.2.7 or higher after update
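The version comparison above is easy to get wrong when scripted (a plain string compare sorts "4.3.2.10" before "4.3.2.6"). The following is an added example, not DrayTek tooling or code from this page: it parses the firmware string as read from the web interface or SNMP sysDescr and tests it against the affected range. The build-suffix form "4.3.2.6_STD" in the sample strings is an assumption about how the string may appear.

```python
"""Check a DrayTek firmware version string against the affected range.

Added example, not vendor tooling. Assumes the string comes from the
web UI's Firmware Information page or SNMP sysDescr and contains a
dotted numeric version; the "_STD" suffix in the samples is an
assumption about formatting, not a documented DrayTek convention.
"""
import re
from typing import Tuple

# First version outside the "through 4.3.2.6" range stated on this page.
FIXED_VERSION: Tuple[int, ...] = (4, 3, 2, 7)


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the dotted numeric version from text and return it as ints.

    Comparing tuples of ints avoids the classic string-compare bug where
    "4.3.2.10" would sort before "4.3.2.6".
    """
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no dotted version found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_vulnerable(text: str) -> bool:
    """True when the reported firmware is inside the affected range (<= 4.3.2.6)."""
    return parse_version(text) < FIXED_VERSION


if __name__ == "__main__":
    # Constructed sample strings, not output captured from a real device.
    for sample in ("4.3.2.6", "4.3.2.6_STD", "Firmware Version: 4.3.2.7",
                   "4.3.2.10", "4.2.9"):
        print(f"{sample!r:30} vulnerable={is_vulnerable(sample)}")
```

Feed it the raw string from the web page or an `snmpget` of sysDescr; anything that parses below 4.3.2.7 is in the affected range, and a string with no dotted version raises rather than silently passing.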

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by large POST requests
  • Device crash/reboot logs
  • Unusual CGI endpoint access

Network Indicators:

  • POST requests to *.cgi URIs on the management interface with bodies far larger than a normal form submission
  • Form parameters containing long runs of a repeated byte or non-printable data, which is what an overflow payload looks like on the wire (visible only where management traffic is plain HTTP or TLS is terminated on an inspection device)

SIEM Query:

source="vigor310" AND (http_method="POST" AND uri="*.cgi" AND content_length>1000)
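The indicators above, turned into detection logic as an added example (this is not DrayTek's tooling or code from this page). It assumes the router forwards HTTP access events to a syslog collector in a constructed one-line format (timestamp, source IP, method, URI, status, request body length); the URIs, addresses and the assumption that a failed login is logged as HTTP 401/403 are placeholders, so map them onto whatever your log feed actually produces. It goes beyond the SIEM query above by also correlating a burst of failed logins from the same source shortly before the oversized POST, which is the first log indicator listed.

```python
"""Flag large POSTs to CGI handlers and failed-login bursts preceding them.

Added example, not DrayTek tooling. The log format, URIs, addresses and
the assumption that a failed login is logged as HTTP 401/403 are all
constructed for illustration; adapt parse_line() to your real syslog feed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Any, Dict, List

LARGE_POST_BYTES = 1000            # same threshold as the SIEM query above; tune to your traffic
FAILED_AUTH_WINDOW = timedelta(minutes=10)
FAILED_AUTH_MIN = 3                # failures before a large POST that escalate the alert

# Constructed sample lines: <timestamp> <src_ip> <method> <uri> <status> <body_bytes>
SAMPLE_LOG = """\
2024-10-02T10:00:01 203.0.113.5 POST /cgi-bin/login.cgi 401 128
2024-10-02T10:00:03 203.0.113.5 POST /cgi-bin/login.cgi 401 128
2024-10-02T10:00:05 203.0.113.5 POST /cgi-bin/login.cgi 401 128
2024-10-02T10:00:09 203.0.113.5 POST /cgi-bin/login.cgi 200 131
2024-10-02T10:00:12 203.0.113.5 POST /cgi-bin/example.cgi 200 4096
2024-10-02T10:01:00 192.0.2.10 POST /cgi-bin/login.cgi 200 131
2024-10-02T10:01:04 192.0.2.10 GET /doc/index.htm 200 0
2024-10-02T10:02:30 192.0.2.10 POST /cgi-bin/example.cgi 200 512
"""


def parse_line(line: str) -> Dict[str, Any]:
    """Split one constructed log line into typed fields."""
    ts, src, method, uri, status, body = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src,
        "method": method,
        "uri": uri,
        "status": int(status),
        "body": int(body),
    }


def detect(log_text: str) -> List[Dict[str, Any]]:
    """Return one alert per oversized POST to a .cgi URI.

    Severity is 'high' when the same source produced FAILED_AUTH_MIN or more
    failed logins within FAILED_AUTH_WINDOW before the POST (the "failed
    authentication followed by large POST" indicator), otherwise 'medium'.
    Lines are assumed to arrive in time order.
    """
    failures: Dict[str, List[datetime]] = defaultdict(list)
    alerts: List[Dict[str, Any]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["status"] in (401, 403):          # assumed failed-login status codes
            failures[ev["src"]].append(ev["ts"])
            continue
        if ev["method"] != "POST" or not ev["uri"].endswith(".cgi"):
            continue
        if ev["body"] <= LARGE_POST_BYTES:
            continue
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= FAILED_AUTH_WINDOW]
        alerts.append({
            "ts": ev["ts"].isoformat(),
            "src": ev["src"],
            "uri": ev["uri"],
            "body": ev["body"],
            "prior_failures": len(recent),
            "severity": "high" if len(recent) >= FAILED_AUTH_MIN else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Against the constructed sample the 4096-byte POST from 203.0.113.5 is flagged as high because three login failures preceded it, while the 512-byte POST from 192.0.2.10 stays under the threshold. Many router web UIs answer a failed login with a 200 and an error page rather than a 401, so check what your device actually logs before relying on the status-code branch; the body-size threshold should likewise be set just above the largest legitimate form the UI submits.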

🔗 References