CVE-2024-41338 — HIGH (7.5)

Q: How severe is CVE-2024-41338?

CVE-2024-41338 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-41338?

Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor165 Firmware, Draytek Vigor165, Draytek Vigor166 Firmware, Draytek Vigor166, Draytek Vigor2620 Firmware.

Vulnerability Description

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Draytek	Vigor165 Firmware	< 4.2.6
Draytek	Vigor165	-
Draytek	Vigor166 Firmware	< 4.2.6
Draytek	Vigor166	-
Draytek	Vigor2620 Firmware	< 3.9.8.8
Draytek	Vigor2620	-
Draytek	Vigorlte200 Firmware	< 3.9.8.8
Draytek	Vigorlte200	-
Draytek	Vigor2860 Firmware	< 3.9.7
Draytek	Vigor2860	-
Draytek	Vigor2925 Firmware	< 3.9.7
Draytek	Vigor2925	-
Draytek	Vigor2862 Firmware	< 3.9.9.4
Draytek	Vigor2862	-
Draytek	Vigor2926 Firmware	< 3.9.9.4
Draytek	Vigor2926	-
Draytek	Vigor2133 Firmware	< 3.9.8
Draytek	Vigor2133	-
Draytek	Vigor2762 Firmware	< 3.9.8
Draytek	Vigor2762	-

Related Weaknesses (CWE)

CWE-476

References

http://draytek.comProduct
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-rThird Party Advisory

FAQ

What is CVE-2024-41338?

CVE-2024-41338 is a vulnerability with a CVSS score of 7.5 (HIGH). A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2...

How severe is CVE-2024-41338?

CVE-2024-41338 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41338?

Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor165 Firmware, Draytek Vigor165, Draytek Vigor166 Firmware, Draytek Vigor166, Draytek Vigor2620 Firmware.