CVE-2024-41593

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 devices through 4.3.2.6

Description: The issue is related to a heap-based buffer overflow in the ft payloads dns() function of the DrayTek Vigor router's web interface, allowing a remote attacker to execute arbitrary code. This is due to a byte sign-extension operation for the length argument of a memcpy call. The exploitation of this issue can lead to remote code execution.

Recommendations: For DrayTek Vigor310 devices through version 4.3.2.6, update to a version later than 4.3.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the ft payload dns() function until a patch is available.