CVE-2024-23721 is a directory traversal vulnerability identified in the Draytek Vigor3910 router firmware version 4.3.2.5. The issue arises from insufficient validation of input in the process_post function, which processes certain POST HTTP requests. By crafting a malicious POST request, an attacker can manipulate the file path to access files outside the intended directory scope, thereby exporting sensitive information stored on the device. This vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The vulnerability requires no authentication or user interaction, and can be exploited remotely over the network (AV:N). The CVSS v3.1 base score is 7.5, reflecting high confidentiality impact but no impact on integrity or availability. Although no public exploits have been reported yet, the ease of exploitation and the critical nature of the information potentially exposed make this a significant threat to affected organizations. The lack of a patch or mitigation details at the time of publication increases the urgency for defensive measures.

The primary impact of CVE-2024-23721 is unauthorized disclosure of sensitive information stored on Draytek Vigor3910 devices. This could include configuration files, credentials, or other sensitive data critical to network security. Such data leakage can facilitate further attacks, including network intrusion, lateral movement, or espionage. Since the vulnerability does not affect integrity or availability, it does not directly enable data modification or denial of service. However, the confidentiality breach alone can have severe consequences, especially in environments where these routers are deployed at network perimeters or in critical infrastructure. Organizations worldwide using this device model are at risk of data exposure, potentially compromising internal networks and sensitive communications.

Given the absence of an official patch at the time of this report, organizations should implement the following mitigations: 1) Restrict network access to the management interface of Draytek Vigor3910 devices by limiting exposure to trusted IP addresses or VPN-only access. 2) Employ network segmentation to isolate vulnerable devices from critical assets. 3) Monitor network traffic for unusual POST requests targeting the router’s management interface, especially those attempting directory traversal patterns (e.g., ../ sequences). 4) Disable or restrict remote management features if not strictly necessary. 5) Regularly check for firmware updates from Draytek and apply patches promptly once available. 6) Consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block directory traversal attempts. 7) Conduct internal audits to identify any signs of data exfiltration or compromise related to this vulnerability.