Multiple vulnerabilities in DrayTek products



Risk: Critical

Patch available: Yes

Number of vulnerabilities: 14

CVE-ID: CVE-2024-41589, CVE-2024-41594, CVE-2024-41595, CVE-2024-41586, CVE-2024-41590, CVE-2024-41588, CVE-2024-41596, CVE-2024-41583, CVE-2024-41593, CVE-2024-41585, CVE-2024-41592, CVE-2024-41584, CVE-2024-41591, CVE-2024-41587

CWE-ID: CWE-255, CWE-338, CWE-119, CWE-79, CWE-78

Exploitation vector: Network

Public exploit: N/A
Vulnerable software
Vigor 1000B
Hardware solutions / Routers for home users

Vigor 2962
Hardware solutions / Routers for home users

Vigor 3910
Hardware solutions / Routers for home users

Vigor 3912
Hardware solutions / Routers for home users

Vigor 165
Hardware solutions / Routers for home users

Vigor 166
Hardware solutions / Routers for home users

Vigor 2135
Hardware solutions / Routers for home users

Vigor 2763
Hardware solutions / Routers for home users

Vigor 2765
Hardware solutions / Routers for home users

Vigor 2766
Hardware solutions / Routers for home users

Vigor 2865
Hardware solutions / Routers for home users

Vigor 2866
Hardware solutions / Routers for home users

Vigor 2915
Hardware solutions / Routers for home users

Vigor 2620
Hardware solutions / Routers for home users

Vigor LTE200
Hardware solutions / Routers for home users

Vigor 2133
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2762
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2860
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2925
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2862
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2926
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2952
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 3220
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vigor 2832
Hardware solutions / Security hardware appliances

Vendor DrayTek Corp.

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Credentials management

EUVDB-ID: #VU97985

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41589

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the same admin credentials are used across the entire system (including both the guest and the host operating systems). Obtaining these credentials can lead to full system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

EUVDB-ID: #VU97983

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41594

CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists because the software uses a static string to seed the OpenSSL PRNG used for TLS. A remote attacker can perform a MitM attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU97982

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41595

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU97981

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41586

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WebUI in the /cgi-bin/ipfedr.cgi script. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU97977

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41590

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU97976

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41588

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WebUI when handling data passed to the "/cgi-bin/v2x00.cgi" and "/cgi-bin/cgiwcg.cgi" scripts. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU97980

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41596

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stored cross-site scripting

EUVDB-ID: #VU97966

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41583

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when handling a custom router name. A remote user can execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU97978

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41593

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the ft_payloads_dns() function within the WebUI. A remote privileged user can send a specially crafted HTTP request to the web interface, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) OS command injection

EUVDB-ID: #VU97986

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41585

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a malicious guest to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the recvCmd binary, used by the host OS for communicating with the guest OS. A malicious guest can pass specially crafted data to the binary and execute arbitrary OS commands on the host OS.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU97975

Risk: Critical

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41592

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the GetCGI() function within the WebUI when handling HTTP query parameters. A remote attacker can send a specially crafted HTTP request to the web interface, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Reflected cross-site scripting

EUVDB-ID: #VU97969

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41584

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "sFormAuthSr" parameter to wlogin.cgi. A remote attacker can trick the victim into clicking on a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Reflected cross-site scripting

EUVDB-ID: #VU97968

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41591

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "content" query string parameter to doc/hslogp1_link.htm. A remote attacker can trick the victim into clicking on a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Stored cross-site scripting

EUVDB-ID: #VU97967

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41587

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when handling a custom greeting message. A remote user can execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2

External links

http://www.forescout.com/resources/draybreak-draytek-research/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
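Every entry above carries the same "Vulnerable software versions" list, so a single table of fixed firmware versions covers all 14 CVEs. The script below is an added example, not tooling from the bulletin or from DrayTek: it parses those "Model: before X" lines, compares a device's firmware against the fixed version numerically (not as strings, so 3.9.8 is recognised as equal to 3.9.8.0 rather than below it) and reports which hosts in an inventory still need the vendor update. The hostnames and firmware versions in the sample inventory are constructed for the example.

```python
# Added example (not the bulletin's own tooling): firmware triage against the
# "Vulnerable software versions" lists in this bulletin.
import re

# Constructed from the bulletin's per-model "before X" lines; the list is
# identical in all 14 entries, so one table serves every CVE on the page.
FIXED_VERSIONS_TEXT = """
Vigor 1000B: before 4.3.2.8
Vigor 2962: before 4.3.2.8
Vigor 3910: before 4.3.2.8
Vigor 3912: before 4.3.6.1
Vigor 165: before 4.2.7
Vigor 166: before 4.2.7
Vigor 2135: before 4.4.5.1
Vigor 2763: before 4.4.5.1
Vigor 2765: before 4.4.5.1
Vigor 2766: before 4.4.5.1
Vigor 2865: before 4.4.5.3
Vigor 2866: before 4.4.5.3
Vigor 2915: before 4.4.5.3
Vigor 2620: before 3.9.8.9
Vigor LTE200: before 3.9.8.9
Vigor 2133: before 3.9.9
Vigor 2762: before 3.9.9
Vigor 2832: before 3.9.9
Vigor 2860: before 3.9.8
Vigor 2925: before 3.9.8
Vigor 2862: before 3.9.9.5
Vigor 2926: before 3.9.9.5
Vigor 2952: before 3.9.8.2
Vigor 3220: before 3.9.8.2
"""

LINE_RE = re.compile(r"^\s*(Vigor \S+): before (\d+(?:\.\d+)*)\s*$")


def version_tuple(version, width=4):
    """'3.9.8' -> (3, 9, 8, 0). Zero-padding makes 3.9.8 equal to 3.9.8.0;
    plain tuple comparison would otherwise rank (3, 9, 8) below (3, 9, 8, 0)."""
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) > width:
        raise ValueError("too many version components: %r" % version)
    return tuple(parts + [0] * (width - len(parts)))


def parse_fixed_versions(text):
    """Return {model: (version_tuple, version_string)} from bulletin lines."""
    fixed = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            fixed[m.group(1)] = (version_tuple(m.group(2)), m.group(2))
    return fixed


FIXED_VERSIONS = parse_fixed_versions(FIXED_VERSIONS_TEXT)


def is_affected(model, firmware, fixed=None):
    """True if firmware is below the fixed version, False if at or above it,
    None if the model is not in the bulletin (it says nothing either way)."""
    fixed = FIXED_VERSIONS if fixed is None else fixed
    if model not in fixed:
        return None
    return version_tuple(firmware) < fixed[model][0]


def triage(inventory, fixed=None):
    """inventory: iterable of (hostname, model, firmware). Returns the hosts
    still running affected firmware, each with the version to update to."""
    fixed = FIXED_VERSIONS if fixed is None else fixed
    todo = []
    for host, model, firmware in inventory:
        if is_affected(model, firmware, fixed):
            todo.append((host, model, firmware, fixed[model][1]))
    return todo


# Constructed sample inventory (hostnames and firmware versions are invented).
SAMPLE_INVENTORY = [
    ("branch-a-rtr", "Vigor 2865", "4.4.5.1"),
    ("branch-b-rtr", "Vigor 2865", "4.4.5.3"),
    ("hq-edge", "Vigor 3910", "4.3.2.6"),
    ("lab-rtr", "Vigor 2952", "3.9.8"),
    ("legacy", "Vigor 2860", "3.9.8"),
]

if __name__ == "__main__":
    for host, model, fw, target in triage(SAMPLE_INVENTORY):
        print(f"{host}: {model} {fw} is affected, update to {target}")
```

A model absent from the table returns None rather than False, so an unlisted device is surfaced as "unknown" instead of being silently treated as safe.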
