CVE-2024-41590

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 versions up to 4.3.2.6

Description: The issue is related to a buffer overflow vulnerability in the web interface of DrayTek Vigor routers, caused by a lack of size checking on input data. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service by sending a specially crafted request. Several CGI endpoints are vulnerable to buffer overflows due to missing bounds checking on parameters passed through POST requests. The vulnerability can be exploited by authenticated users.

Recommendations: For DrayTek Vigor310 versions up to 4.3.2.6, consider disabling access to vulnerable CGI endpoints until a patch is available. Restrict access to the strcpy function to minimize the risk of exploitation. Avoid using parameters that are passed through POST requests to vulnerable endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.