fkie_nvd - fkie_cve-2024-41338

FKIE_CVE-2024-41338

Vulnerability from fkie_nvd - Published: 2025-02-27 21:15 - Updated: 2025-06-03 14:06

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request.

References

	URL	Tags
	cve@mitre.org	http://draytek.com	Product
	cve@mitre.org	https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946	Third Party Advisory

Impacted products

Vendor	Product	Version
draytek	vigor165_firmware	*
draytek	vigor165	-
draytek	vigor166_firmware	*
draytek	vigor166	-
draytek	vigor2620_firmware	*
draytek	vigor2620	-
draytek	vigorlte200_firmware	*
draytek	vigorlte200	-
draytek	vigor2860_firmware	*
draytek	vigor2860	-
draytek	vigor2925_firmware	*
draytek	vigor2925	-
draytek	vigor2862_firmware	*
draytek	vigor2862	-
draytek	vigor2926_firmware	*
draytek	vigor2926	-
draytek	vigor2133_firmware	*
draytek	vigor2133	-
draytek	vigor2762_firmware	*
draytek	vigor2762	-
draytek	vigor2832_firmware	*
draytek	vigor2832	-
draytek	vigor2135_firmware	*
draytek	vigor2135	-
draytek	vigor2765_firmware	*
draytek	vigor2765	-
draytek	vigor2766_firmware	*
draytek	vigor2766	-
draytek	vigor2865_firmware	*
draytek	vigor2865	-
draytek	vigor2866_firmware	*
draytek	vigor2866	-
draytek	vigor2927_firmware	*
draytek	vigor2927	-
draytek	vigor2962_firmware	*
draytek	vigor2962	-
draytek	vigor3910_firmware	*
draytek	vigor3910	-
draytek	vigor3912_firmware	*
draytek	vigor3912	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor165_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "120469A7-CC8F-46B9-8EAD-D272485DBBAC",
              "versionEndExcluding": "4.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor165:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E644893-0457-43A9-98AB-9DB37A5C415C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor166_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "013EEA0E-3D6A-43AE-A504-8439462C4F20",
              "versionEndExcluding": "4.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor166:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E33E647-5883-44FA-9915-34B89090D4E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41CEC37D-608B-4A8C-B8F4-803FF9A8179D",
              "versionEndExcluding": "3.9.8.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF86F14-D8AA-4F7A-978E-C390BECD2A56",
              "versionEndExcluding": "3.9.8.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B13C853-B725-4F3F-B919-1EDCF1F1FA6B",
              "versionEndExcluding": "3.9.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9512D67-5D05-4707-9C01-FEF27BC7D8CD",
              "versionEndExcluding": "3.9.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "825055C3-9212-4406-865A-5CCB27C4E3FE",
              "versionEndExcluding": "3.9.9.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5E7BCA-A181-4689-80AD-5B0BF4A62D45",
              "versionEndExcluding": "3.9.9.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF9194C-9EC2-4B08-8264-F58E1C649473",
              "versionEndExcluding": "3.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C3D0EB-6019-43A2-BE4E-17E30985BCF0",
              "versionEndExcluding": "3.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D71EA7-2F97-4F7D-BDB8-246710EEEE34",
              "versionEndExcluding": "3.9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD4B17C-2E8A-45C9-8475-C5FD40C86052",
              "versionEndExcluding": "4.4.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "815465FB-9BDB-4A16-9E8A-A73B928A7999",
              "versionEndExcluding": "4.4.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E966A8-E862-4118-B178-93C297765B0B",
              "versionEndExcluding": "4.4.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F174D4-CDE6-401D-9040-34B862BDE1F9",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B2CD77-C72F-4C26-B082-EA2671A59116",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2927_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "570A3205-4E89-47E5-9FAE-2D4FFBD5A667",
              "versionEndExcluding": "4.4.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2927:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12460F51-25AB-4EA9-BC43-9CE8DA992D75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8A49BF-8174-42D6-B7C2-A461F0B3DC57",
              "versionEndExcluding": "4.3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C6D6BC-9B8D-4108-80F8-4647013B7843",
              "versionEndExcluding": "4.3.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7ECBEFC-3444-4732-80C5-24E4B40B7413",
              "versionEndExcluding": "4.3.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request."
    },
    {
      "lang": "es",
      "value": "Una desreferencia de puntero NULL en los dispositivos Draytek Vigor 165/166 anteriores a v4.2.6, Vigor 2620/LTE200 anteriores a v3.9.8.8, Vigor 2860/2925 anteriores a v3.9.7, Vigor 2862/2926 anteriores a v3.9.9.4, Vigor 2133/2762/2832 anteriores a v3.9.8, Vigor 2135/2765/2766 anteriores a v4.4.5.1, Vigor 2865/2866/2927 anteriores a v4.4.5.3, Vigor 2962/3910 anteriores a v4.3.2.7, Vigor 3912 anteriores a v4.3.5.2 y Vigor 2925 hasta v3.9.6 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una solicitud DHCP manipulada espec\u00edficamente."
    }
  ],
  "id": "CVE-2024-41338",
  "lastModified": "2025-06-03T14:06:40.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-27T21:15:36.753",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://draytek.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2024-41338 (GCVE-0-2024-41338)

Vulnerability from cvelistv5 – Published: 2025-02-27 00:00 – Updated: 2025-02-28 14:32

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2024-41338

CVE-2024-41338 (GCVE-0-2024-41338)

Tags

Sightings

Nomenclature