CVE-2024-46560

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in Draytek Vigor 3910 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted input to the pub_key parameter. This affects organizations using Draytek Vigor 3910 routers with vulnerable firmware. The vulnerability can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • Draytek Vigor 3910
Versions: v4.3.2.6
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific firmware version mentioned; other Draytek models and versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete router crash requiring physical reboot, potential for remote code execution if the buffer overflow can be controlled precisely (though not confirmed in this CVE).

🟠 Likely Case: Router becomes unresponsive, requiring a reboot to restore service, disrupting network connectivity for all connected devices.

🟢 If Mitigated: Limited impact if the router is behind a firewall with restricted WAN access, though internal threats remain possible.

🌐 Internet-Facing: HIGH - The vulnerability is in a CGI component accessible via web interface, and routers are typically internet-facing devices.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router's management interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Buffer overflow via crafted input to a CGI parameter is typically straightforward to exploit.

The vulnerability is in v2x00.cgi which handles web interface requests, making it accessible via HTTP/HTTPS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found in provided references

Restart Required: Yes

Instructions:

1. Check the Draytek website for firmware updates.
2. Download the latest firmware for the Vigor 3910.
3. Log into the router web interface.
4. Navigate to System Maintenance > Firmware Upgrade.
5. Upload the new firmware file.
6. Wait for the reboot.

🔧 Temporary Workarounds

Restrict Web Interface Access

Platform: Linux

Limit access to the router's web management interface using firewall rules. These iptables rules apply to a Linux firewall placed in front of the router (the Vigor's own firmware is configured through its web interface, not iptables). Because -A appends, any earlier ACCEPT rule in the INPUT chain still wins, so check the existing chain order first.

# allow management only from the trusted host, then drop everything else on 80/443
iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Disable Unnecessary Services

Platform: All

Disable remote web management if not required.

🧯 If You Can't Patch

  • Place router behind additional firewall with strict inbound rules
  • Implement network segmentation to limit router exposure

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in web interface under System Maintenance > Firmware Information

Check Version:

curl -k https://ROUTER_IP/cgi-bin/v2x00.cgi?pub_key=test (monitor for crash/response)

Note that any request to the vulnerable parameter on a production device risks triggering the denial of service itself; the firmware version check above is the safe way to establish exposure, and this request should only be used against a device you can afford to reboot.

Verify Fix Applied:

Verify firmware version is no longer v4.3.2.6 after update

📡 Detection & Monitoring

Log Indicators:

  • Router reboot logs
  • Web interface access logs showing requests to v2x00.cgi with long pub_key parameters

Network Indicators:

  • HTTP/HTTPS requests to router IP on ports 80/443 with abnormal parameter lengths
  • Sudden loss of router connectivity

SIEM Query:

source="router_logs" AND (uri="*/v2x00.cgi*" AND param_length>1000)
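The SIEM query above assumes a pre-computed param_length field. As an added example (not part of the original advisory and not Draytek code), the following script applies the same logic directly to raw web-server access-log lines: it parses each line, keeps only requests whose path ends in v2x00.cgi, measures the decoded length of the pub_key query parameter, and flags values over the query's 1000-byte threshold. The log format (Combined-Log-Format-like), the sample lines and the threshold are assumptions; POST bodies are not visible in access logs, so this covers GET requests only.

```python
"""Flag requests to v2x00.cgi carrying an unusually long pub_key parameter.

Added detection example; log format, sample lines and threshold are assumed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Threshold mirrors the advisory's SIEM query (param_length > 1000); tune per environment.
LONG_PARAM_THRESHOLD = 1000
TARGET_SCRIPT = "v2x00.cgi"
WATCHED_PARAM = "pub_key"

# Assumed access-log layout: client ip, two ident fields, [timestamp], "METHOD target HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match the layout."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def pub_key_length(target):
    """Decoded length of the longest pub_key value when the target is v2x00.cgi, else None.

    The length is measured after URL-decoding, so percent-encoded padding is not
    under-counted. Path normalisation (double slashes, case) is deliberately left out.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/" + TARGET_SCRIPT):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(WATCHED_PARAM)
    if not values:
        return None
    return max(len(v) for v in values)


def scan(lines, threshold=LONG_PARAM_THRESHOLD):
    """Return one hit record per line whose pub_key length exceeds the threshold."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a real pipeline would count these separately
        length = pub_key_length(rec["target"])
        if length is not None and length > threshold:
            hits.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "status": rec["status"],
                "pub_key_length": length,
            })
    return hits


# Constructed sample log lines (not real traffic): a benign probe, an oversized
# pub_key to the vulnerable script, the same payload to an unrelated script, and junk.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /cgi-bin/v2x00.cgi?pub_key=test HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2024:13:56:01 +0000] "GET /cgi-bin/v2x00.cgi?pub_key=' + "A" * 1500 + ' HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/Oct/2024:13:57:12 +0000] "GET /cgi-bin/other.cgi?pub_key=' + "A" * 1500 + ' HTTP/1.1" 200 10',
    "garbage line that does not match the log layout",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} pub_key_length={hit['pub_key_length']}")
```

Only the second sample line is reported; the same payload aimed at other.cgi and the benign short probe are ignored, which keeps the alert tied to the vulnerable component rather than to long parameters in general.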
