CVE-2024-41595 – DrayTek Vigor310 devices through firmware versi... (How to Fix)

Q: What is the severity of CVE-2024-41595?

CVE-2024-41595 has a CVSS score of 8.0 (HIGH). DrayTek Vigor310 devices through firmware version 4.3.2.6 contain buffer overflow vulnerabilities in .cgi pages due to missing bounds checks. This allows remote attackers to change device settings or cause denial of service. Organizations using affected DrayTek Vigor310 devices are vulnerable.

📋 TL;DR

DrayTek Vigor310 devices through firmware version 4.3.2.6 contain buffer overflow vulnerabilities in .cgi pages due to missing bounds checks. This allows remote attackers to change device settings or cause denial of service. Organizations using affected DrayTek Vigor310 devices are vulnerable.

💻 Affected Systems

Products:

DrayTek Vigor310

Versions: Through firmware version 4.3.2.6

Operating Systems: DrayTek proprietary firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations with affected firmware versions are vulnerable. The .cgi pages are typically accessible via web interface.

📦 What is this software?

Vigor3910 Firmware by Draytek

View all CVEs affecting Vigor3910 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, and lateral movement into internal networks.

🟠

Likely Case

Device settings modification causing service disruption, configuration changes, or denial of service through device crashes.

🟢

If Mitigated

Limited to denial of service if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH - Devices exposed to internet are directly vulnerable to remote exploitation without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this if they reach the device, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Research reports demonstrate exploitation techniques. The vulnerability requires sending crafted requests to .cgi endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check DrayTek for firmware updates beyond 4.3.2.6

Vendor Advisory: https://www.draytek.com/support/security-advisory/

Restart Required: Yes

Instructions:

1. Log into DrayTek Vigor310 web interface. 2. Navigate to System Maintenance > Firmware Upgrade. 3. Download latest firmware from DrayTek support site. 4. Upload and apply firmware update. 5. Reboot device after update completes.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to device management interface using firewall rules

Disable Remote Management

all

Disable WAN-side management access if not required

🧯 If You Can't Patch

Isolate affected devices in separate network segments with strict firewall rules
Implement network monitoring for unusual traffic patterns to .cgi endpoints

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System Status > Firmware Information

Check Version:

Not applicable - check via web interface or SSH if enabled

Verify Fix Applied:

Verify firmware version is updated beyond 4.3.2.6 and test .cgi endpoints with controlled payloads

📡 Detection & Monitoring

Log Indicators:

Multiple failed requests to .cgi pages
Unusual POST requests with large payloads to device management interface

Network Indicators:

Unusual traffic patterns to device management ports (typically 80/443)
Requests to .cgi endpoints with abnormal parameters

SIEM Query:

source_ip="device_ip" AND (uri="*.cgi" OR user_agent="*exploit*" OR http_method="POST" AND content_length>threshold)

📊 Metadata

CVE ID: CVE-2024-41595

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: October 3, 2024

Last Updated: April 10, 2025

🔗 References

https://www.forescout.com/resources/draybreak-draytek-research/ Third Party Advisory
https://www.forescout.com/resources/draytek14-vulnerabilities Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-41595, you might also want to check these: