DrayTek Product Security Update Advisory

Overview

DrayTek has released a security update that fixes vulnerabilities in their products. Users of affected systems are advised to update to the latest version.

Affected Products

CVE-2024-41585, CVE-2024-41586, CVE-2024-41589, CVE-2024-41590, CVE-2024-41591, CVE-2024-41592, CVE-2024-41593, CVE-2024-41594, CVE-2024-41595, CVE-2024-41596

  • DrayTek Vigor3910 versions: up to and including 4.3.2.6

Resolved Vulnerabilities

Vulnerability in the recvCmd binary allows attackers to inject arbitrary commands on the host machine by escaping from the emulated instance (CVE-2024-41585)

Stack-based buffer overflow vulnerability in the cgi-bin/ipfedr.cgi component via a long query string that could allow remote attackers to execute arbitrary code (CVE-2024-41586)

CGI endpoints v2x00.cgi and cgiwcg.cgi are prone to a buffer overflow vulnerability due to missing scope checks on parameters passed via POST requests to the strncpy function (CVE-2024-41588)

The same administrator credentials are used across the entire system, which could lead to system-wide compromise (CVE-2024-41589)

Buffer overflow vulnerability reachable by an authenticated user, due to missing scope checks on parameters passed via POST request to the strcpy function (CVE-2024-41590)
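CVE-2024-41588 and CVE-2024-41590 share one root cause: a form value is copied into a fixed-size buffer with a bound taken from the input (or no bound at all) instead of from the destination. The following C program is an added illustration of that pattern beside its hardened form; it is not DrayTek code, and the buffer size, function names and the POST body are constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: fixed-size buffer a CGI handler might use for one
 * form value. Nothing here is DrayTek code; the names are made up. */
#define PARAM_MAX 32

/* Vulnerable pattern (kept only for comparison): the copy bound is derived
 * from the attacker-controlled source, not from the destination, so a POST
 * value longer than PARAM_MAX overruns the stack buffer. A plain strcpy(),
 * or strncpy() bounded by strlen(value), behaves the same way. */
void store_param_unchecked(char dst[PARAM_MAX], const char *value) {
    strncpy(dst, value, strlen(value) + 1);   /* bound comes from the input */
}

/* Hardened pattern: the bound comes from the destination, the value is
 * rejected when it would not fit, and the result is always NUL-terminated.
 * Returns 0 on success, -1 if the value was rejected (dst is untouched). */
int store_param_checked(char *dst, size_t dstsz, const char *value) {
    size_t n = strnlen(value, dstsz);         /* never reads past dstsz bytes */
    if (dstsz == 0 || n >= dstsz)
        return -1;                            /* no room for value + NUL */
    memcpy(dst, value, n);
    dst[n] = '\0';
    return 0;
}

/* Find `key` in an application/x-www-form-urlencoded body and copy its
 * value out with the same destination-derived bound check. Returns 0 on
 * success, 1 if the key is absent, -1 if the value is too long.
 * Percent-decoding is out of scope for this demo. */
int get_param(const char *body, const char *key, char *out, size_t outsz) {
    size_t klen = strlen(key);
    const char *p = body;
    while (p != NULL && *p != '\0') {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = plen - klen - 1;
            if (vlen >= outsz)
                return -1;                    /* would overflow: reject */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return 1;
}

/* Constructed POST body: two normal values and one 40-byte value that
 * exceeds PARAM_MAX. */
const char SAMPLE_BODY[] =
    "user=admin&mode=ap&note="
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

char g_buf[PARAM_MAX];   /* shared destination buffer for the demo calls */

/* Look up key in SAMPLE_BODY into g_buf and return get_param's status. */
int lookup_status(const char *key) {
    return get_param(SAMPLE_BODY, key, g_buf, sizeof g_buf);
}

int main(void) {
    printf("user:    status %d, value '%s'\n", lookup_status("user"), g_buf);
    printf("mode:    status %d, value '%s'\n", lookup_status("mode"), g_buf);
    printf("note:    status %d (too long, rejected)\n", lookup_status("note"));
    printf("missing: status %d (absent)\n", lookup_status("missing"));
    printf("checked copy of 'admin': %d\n",
           store_param_checked(g_buf, sizeof g_buf, "admin"));
    return 0;
}
```

The useful defensive habit is visible in `store_param_checked` and `get_param`: the size that bounds the copy is the destination's, and an input that does not fit is rejected up front rather than truncated silently, which also avoids the unterminated-string trap of `strncpy` when the source is exactly the buffer size.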

Vulnerability allowing unauthenticated reflected DOM-based XSS (CVE-2024-41591)

GetCGI mishandled unnecessary ampersand characters and long key-value pairs, which could lead to a stack-based overflow when handling query string parameters (CVE-2024-41592)

A heap-based buffer overflow could occur due to a byte-sign expansion operation on the length argument of the _memcpy call (CVE-2024-41593)
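The "byte-sign expansion" behind CVE-2024-41593 is an integer-conversion bug: a length byte read through a signed type turns a value of 128 or more into a negative number, and converting that to `size_t` for `memcpy` sign-extends it into a huge count. The C program below is an added illustration of that conversion next to the unsigned, bounds-checked form; it is not DrayTek code, and the record layout, names and sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout: one length byte followed by the payload.
 * Nothing here is DrayTek code; the layout and names are assumed. */

/* Vulnerable pattern: the length byte is read through a signed type. A byte
 * of 0xC8 (200) is the signed value -56; converting that to size_t
 * sign-extends it to SIZE_MAX - 55. Handing such a length to memcpy()
 * writes far past the heap buffer. `signed char` is spelled out here so the
 * result is the same on every platform; plain `char` is signed by default
 * on x86 and MIPS toolchains, which is how the bug goes unnoticed. */
size_t length_sign_extended(const unsigned char *rec) {
    signed char len = (signed char)rec[0];
    return (size_t)len;            /* sign extension happens in this cast */
}

/* Hardened: read the byte as unsigned (0..255), then validate it against
 * both the bytes actually present and the destination size before copying.
 * Returns the number of bytes copied, or 0 if the record is rejected. */
size_t copy_payload_checked(const unsigned char *rec, size_t reclen,
                            unsigned char *out, size_t outsz) {
    if (reclen < 1)
        return 0;
    size_t len = rec[0];           /* unsigned char promotes with no sign */
    if (len > reclen - 1 || len > outsz)
        return 0;                  /* claimed length exceeds what exists */
    memcpy(out, rec + 1, len);
    return len;
}

/* Constructed inputs. BAD_REC claims 200 payload bytes but carries 7. */
const unsigned char BAD_REC[]  = { 0xC8, 'p', 'a', 'y', 'l', 'o', 'a', 'd' };
const unsigned char GOOD_REC[] = { 0x05, 'h', 'e', 'l', 'l', 'o' };
unsigned char g_out[64];

int main(void) {
    printf("signed read of length byte 0xC8 -> %zu (should be 200)\n",
           length_sign_extended(BAD_REC));
    printf("checked copy of BAD_REC  -> %zu bytes (rejected)\n",
           copy_payload_checked(BAD_REC, sizeof BAD_REC, g_out, sizeof g_out));
    printf("checked copy of GOOD_REC -> %zu bytes\n",
           copy_payload_checked(GOOD_REC, sizeof GOOD_REC, g_out, sizeof g_out));
    return 0;
}
```

Two independent fixes are shown: reading the byte as `unsigned char` removes the sign extension, and checking the claimed length against both the remaining input and the output buffer catches a malformed record even if a signed read slipped in elsewhere.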

Vulnerability in the httpd server in the Vigor administration UI because it uses static strings to seed OpenSSL’s PRNG, which could allow an attacker to obtain sensitive information (CVE-2024-41594)

Missing scope checking in read and write operations, allowing remote attackers to change settings or cause a denial of service via a .cgi page (CVE-2024-41595)

Buffer overflow vulnerability due to improper retrieval and handling of CGI form parameters (CVE-2024-41596)

Vulnerability Patches

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the patched version.

CVE-2024-41585, CVE-2024-41586, CVE-2024-41589, CVE-2024-41590, CVE-2024-41591, CVE-2024-41592, CVE-2024-41593, CVE-2024-41594, CVE-2024-41595, CVE-2024-41596

  • DrayTek Vigor3910 versions: 4.3.2.8 and 4.4.3.1

References

[1] DRAY:BREAK Breaking Into DrayTek Routers Before Threat Actors Do It Again

https://www.forescout.com/resources/draybreak-draytek-research/