CVE-2024-41595

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 devices through 4.3.2.6

Description: The issue is related to a buffer overflow in the web interface of DrayTek Vigor router firmware, allowing a remote attacker to change settings or cause a denial of service. This is due to missing bounds checks on read and write operations, specifically affecting .cgi pages.

Recommendations: For DrayTek Vigor310 devices through 4.3.2.6, update the firmware to a version later than 4.3.2.6 to resolve the issue. As a temporary workaround, consider restricting access to .cgi pages to minimize the risk of exploitation.