CVE-2024-46584

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability exists in the AControlIp1 parameter of the acontrol.cgi component in Draytek Vigor 3910 firmware version 4.3.2.6. Attackers can exploit this by sending specially crafted input to cause a Denial of Service (DoS), potentially crashing the device. Organizations using this specific firmware version on Vigor 3910 routers are affected.

💻 Affected Systems

Products:
  • Draytek Vigor 3910
Versions: v4.3.2.6
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific firmware version mentioned; other versions may be unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device crash requiring physical reboot, extended service disruption, and potential remote code execution if the overflow can be controlled to execute arbitrary code.

🟠 Likely Case

Denial of Service causing device reboot and temporary network outage for connected users.

🟢 If Mitigated

Limited impact if the device is behind a firewall with restricted access to the management interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow in CGI parameter suggests straightforward exploitation via HTTP request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Draytek website for firmware updates.
2. Download latest firmware.
3. Access router web interface.
4. Navigate to System Maintenance > Firmware Upgrade.
5. Upload new firmware file.
6. Wait for reboot.

🔧 Temporary Workarounds

Restrict access to management interface (all)

Limit access to the router's web interface to trusted IP addresses only.

Disable WAN access to management (all)

Ensure router management is not accessible from the internet.

🧯 If You Can't Patch

  • Isolate vulnerable device in separate network segment with strict firewall rules.
  • Implement network monitoring for abnormal HTTP requests to acontrol.cgi.

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Maintenance > Firmware Information.

Check Version:

No CLI command; use web interface at System Maintenance > Firmware Information.

Verify Fix Applied:

Verify firmware version is no longer v4.3.2.6 after update.

📡 Detection & Monitoring

Log Indicators:

  • Multiple HTTP requests to /acontrol.cgi with abnormal parameter lengths
  • Device reboot logs without normal shutdown

Network Indicators:

  • HTTP POST requests to /acontrol.cgi with unusually long AControlIp1 parameter values

SIEM Query:

http.url:"/acontrol.cgi" AND http.param:"AControlIp1" AND bytes_out > 1000
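Not part of the original advisory: a small Python detector, added here, that applies the log indicators above to constructed sample log lines. The single-line log format, the 15-character bound (the longest possible dotted-quad IPv4 address) and the helper names are assumptions of this example, not a DrayTek or SIEM feature:

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (hypothetical format): time client method path "request body"
SAMPLE_LOG = """\
2024-10-01T08:00:01Z 192.168.1.20 POST /acontrol.cgi "AControlIp1=192.168.1.10&AControlIp2=192.168.1.11"
2024-10-01T08:00:02Z 198.51.100.7 POST /acontrol.cgi "AControlIp1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
2024-10-01T08:00:03Z 198.51.100.7 GET /acontrol.cgi?AControlIp1=not-an-address ""
2024-10-01T08:00:04Z 192.168.1.21 GET /index.cgi?page=status ""
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "(.*)"$')
MAX_IPV4_LEN = len("255.255.255.255")  # 15; a longer value cannot be a dotted quad

def extract_param(method, path, body, name):
    """Return the first value of `name` from the POST body or the GET query string."""
    query = body if method == "POST" else urlsplit(path).query
    return parse_qs(query, keep_blank_values=True).get(name, [None])[0]

def is_ipv4(value):
    """True when the value parses as an IPv4 address, which is all AControlIp1 should carry."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def find_suspicious(log_text, max_len=MAX_IPV4_LEN):
    """Return one finding per /acontrol.cgi request whose AControlIp1 is not a plausible address."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these separately
        ts, client, method, path, body = m.groups()
        if urlsplit(path).path != "/acontrol.cgi":
            continue
        value = extract_param(method, path, body, "AControlIp1")
        if value is None or is_ipv4(value):
            continue
        reason = "overlong" if len(value) > max_len else "not_ipv4"
        findings.append({"time": ts, "client": client, "length": len(value), "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Running it reports the 40-character value and the non-address value from 198.51.100.7 and ignores the well-formed request and the unrelated page.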
