CVE-2024-41338
HIGH EPSS 35.7%
Published Feb 27, 20251y ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
Published Feb 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
35.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 40
| Vendor | Product | Version | Range |
|---|---|---|---|
| draytek | vigor165_firmware | * | <4.2.6 |
| draytek | vigor165 | * | any |
| draytek | vigor166_firmware | * | <4.2.6 |
| draytek | vigor166 | * | any |
| draytek | vigor2620_firmware | * | <3.9.8.8 |
| draytek | vigor2620 | * | any |
| draytek | vigorlte200_firmware | * | <3.9.8.8 |
| draytek | vigorlte200 | * | any |
| draytek | vigor2860_firmware | * | <3.9.7 |
| draytek | vigor2860 | * | any |
| draytek | vigor2925_firmware | * | <3.9.7 |
| draytek | vigor2925 | * | any |
| draytek | vigor2862_firmware | * | <3.9.9.4 |
| draytek | vigor2862 | * | any |
| draytek | vigor2926_firmware | * | <3.9.9.4 |
| draytek | vigor2926 | * | any |
| draytek | vigor2133_firmware | * | <3.9.8 |
| draytek | vigor2133 | * | any |
| draytek | vigor2762_firmware | * | <3.9.8 |
| draytek | vigor2762 | * | any |
| draytek | vigor2832_firmware | * | <3.9.8 |
| draytek | vigor2832 | * | any |
| draytek | vigor2135_firmware | * | <4.4.5.1 |
| draytek | vigor2135 | * | any |
| draytek | vigor2765_firmware | * | <4.4.5.1 |
| draytek | vigor2765 | * | any |
| draytek | vigor2766_firmware | * | <4.4.5.1 |
| draytek | vigor2766 | * | any |
| draytek | vigor2865_firmware | * | <4.4.5.3 |
| draytek | vigor2865 | * | any |
| draytek | vigor2866_firmware | * | <4.4.5.3 |
| draytek | vigor2866 | * | any |
| draytek | vigor2927_firmware | * | <4.4.5.3 |
| draytek | vigor2927 | * | any |
| draytek | vigor2962_firmware | * | <4.3.2.7 |
| draytek | vigor2962 | * | any |
| draytek | vigor3910_firmware | * | <4.3.2.7 |
| draytek | vigor3910 | * | any |
| draytek | vigor3912_firmware | * | <4.3.5.2 |
| draytek | vigor3912 | * | any |
References 2
- draytek.com http://draytek.com
- medium.com https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.