CVE-2024-46550

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending crafted input to the CGIbyFieldName parameter in chglog.cgi. This affects organizations using Draytek Vigor 3910 routers with vulnerable firmware. The vulnerability can disrupt network services by crashing the router.

💻 Affected Systems

Products:
  • Draytek Vigor 3910
Versions: v4.3.2.6
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific firmware version mentioned; other versions may be unaffected but should be verified.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router crash requiring physical reboot, extended network downtime, and potential for remote code execution if the overflow can be controlled precisely.

🟠 Likely Case

Router becomes unresponsive, requiring manual reboot and causing temporary network disruption until service is restored.

🟢 If Mitigated

Minimal impact if the router is behind proper network segmentation and firewalls, with monitoring to detect exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a CGI parameter accessible via HTTP, making exploitation straightforward if the router is exposed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Draytek's official website or support for firmware updates.
2. Download the latest firmware if available.
3. Upload and apply the firmware via the router's web interface.
4. Reboot the router to complete the update.

🔧 Temporary Workarounds

Block External Access to chglog.cgi

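On a Linux firewall, use rules like the following to block incoming HTTP requests to the chglog.cgi endpoint on the router. The string match inspects only cleartext payloads, so the port 443 rule cannot match a request carried inside TLS; for HTTPS, restrict access to the management interface by source address instead. The INPUT chain covers traffic addressed to the host running iptables; on a gateway that forwards traffic to the router, the same matches belong in the FORWARD chain.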

iptables -A INPUT -p tcp --dport 80 -m string --string "chglog.cgi" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 443 -m string --string "chglog.cgi" --algo bm -j DROP

🧯 If You Can't Patch

  • Isolate the router on a dedicated network segment to limit exposure.
  • Implement strict network access controls to allow only trusted IPs to access the router's management interface.

🔍 How to Verify

Check if Vulnerable:

Check the router's firmware version via the web interface under System Maintenance > Firmware Information.

Check Version:

curl -s http://router-ip/cgi-bin/chglog.cgi | grep -i version

Verify Fix Applied:

Verify the firmware version has been updated to a version later than v4.3.2.6, if a patch is released.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to chglog.cgi with long parameter values
  • Router crash logs or reboots in system logs

Network Indicators:

  • HTTP traffic to router IP on port 80/443 with requests containing CGIbyFieldName parameter exceeding normal length

SIEM Query:

source="router_logs" AND (uri="*chglog.cgi*" AND (param="*CGIbyFieldName*" AND length>100))
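
An added example (not part of the original advisory or any vendor tooling): the length check from the query above applied to raw HTTP requests, as a proxy or packet capture in front of the management interface would record them. It assumes the parameter arrives in the query string or a form-encoded body; the function names and sample requests are constructed for illustration, and the threshold of 100 is the one used in the SIEM query.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "chglog.cgi"
PARAM = "CGIbyFieldName"
MAX_LEN = 100  # same threshold as the SIEM query above

def oversized_values(raw: bytes, max_len: int = MAX_LEN) -> list[int]:
    """Decoded lengths of CGIbyFieldName values above max_len in one raw
    HTTP/1.x request to chglog.cgi (query string and form body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        return []  # no parseable request line
    url = urlsplit(parts[1])
    if not url.path.lower().endswith("/" + ENDPOINT):
        return []  # some other endpoint
    fields = parse_qs(url.query, keep_blank_values=True)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("content-type", "").lower().startswith(
            "application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        for name, values in form.items():
            fields.setdefault(name, []).extend(values)
    # parse_qs percent-decodes, so %41%41... counts as the decoded length
    return [len(v) for v in fields.get(PARAM, []) if len(v) > max_len]

def scan(requests: list[bytes]) -> dict[int, list[int]]:
    """Map the index of each suspicious request to its oversized lengths."""
    hits = {}
    for i, raw in enumerate(requests):
        lengths = oversized_values(raw)
        if lengths:
            hits[i] = lengths
    return hits

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET /cgi-bin/chglog.cgi?CGIbyFieldName=status HTTP/1.1\r\nHost: r\r\n\r\n",
    b"POST /cgi-bin/chglog.cgi HTTP/1.1\r\nHost: r\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"CGIbyFieldName=" + b"A" * 150,
    b"GET /cgi-bin/chglog.cgi?CGIbyFieldName=" + b"%41" * 120 + b" HTTP/1.1\r\n\r\n",
    b"GET /index.html?CGIbyFieldName=" + b"A" * 150 + b" HTTP/1.1\r\n\r\n",
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```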
