CVE-2024-41339 — HIGH (8.8)

Q: How severe is CVE-2024-41339?

CVE-2024-41339 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-41339?

Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor165 Firmware, Draytek Vigor165, Draytek Vigor166 Firmware, Draytek Vigor166, Draytek Vigor2620 Firmware.

Vulnerability Description

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload a crafted kernel module, allowing for arbitrary code execution.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Draytek	Vigor165 Firmware	< 4.2.7
Draytek	Vigor165	-
Draytek	Vigor166 Firmware	< 4.2.7
Draytek	Vigor166	-
Draytek	Vigor2620 Firmware	< 3.9.8.9
Draytek	Vigor2620	-
Draytek	Vigorlte200 Firmware	< 3.9.8.9
Draytek	Vigorlte200	-
Draytek	Vigor2860 Firmware	< 3.9.8
Draytek	Vigor2860	-
Draytek	Vigor2925 Firmware	< 3.9.8
Draytek	Vigor2925	-
Draytek	Vigor2862 Firmware	< 3.9.9.5
Draytek	Vigor2862	-
Draytek	Vigor2926 Firmware	< 3.9.9.5
Draytek	Vigor2926	-
Draytek	Vigor2133 Firmware	< 3.9.9
Draytek	Vigor2133	-
Draytek	Vigor2762 Firmware	< 3.9.9
Draytek	Vigor2762	-

Related Weaknesses (CWE)

CWE-434

References

http://draytek.comProduct
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-rThird Party Advisory

FAQ

What is CVE-2024-41339?

CVE-2024-41339 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prio...

How severe is CVE-2024-41339?

CVE-2024-41339 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41339?

Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor165 Firmware, Draytek Vigor165, Draytek Vigor166 Firmware, Draytek Vigor166, Draytek Vigor2620 Firmware.