ID

VAR-202502-2792


CVE

CVE-2024-41334


TITLE

Certificate validation vulnerability in multiple DrayTek Corporation products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024560

DESCRIPTION

DrayTek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. Affected firmware includes vigor166 firmware, vigor2620 firmware, vigorlte200 firmware, and others. These DrayTek Corporation products contain a certificate validation vulnerability. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-41334 // JVNDB: JVNDB-2024-024560

AFFECTED PRODUCTS

vendor: draytek, model: vigor2866, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor3912, scope: lt, version: 4.3.5.2

Trust: 1.0

vendor: draytek, model: vigor2766, scope: lt, version: 4.4.5.1

Trust: 1.0

vendor: draytek, model: vigor2620, scope: lt, version: 3.9.8.8

Trust: 1.0

vendor: draytek, model: vigor165, scope: lt, version: 4.2.6

Trust: 1.0

vendor: draytek, model: vigor2927, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2962, scope: lt, version: 4.3.2.7

Trust: 1.0

vendor: draytek, model: vigor2860, scope: lt, version: 3.9.7

Trust: 1.0

vendor: draytek, model: vigor2925, scope: lt, version: 3.9.7

Trust: 1.0

vendor: draytek, model: vigor166, scope: lt, version: 4.2.6

Trust: 1.0

vendor: draytek, model: vigor2765, scope: lt, version: 4.4.5.1

Trust: 1.0

vendor: draytek, model: vigor2762, scope: lt, version: 3.9.8

Trust: 1.0

vendor: draytek, model: vigorlte200, scope: lt, version: 3.9.8.8

Trust: 1.0

vendor: draytek, model: vigor2865, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2832, scope: lt, version: 3.9.8

Trust: 1.0

vendor: draytek, model: vigor2926, scope: lt, version: 3.9.9.4

Trust: 1.0

vendor: draytek, model: vigor2135, scope: lt, version: 4.4.5.1

Trust: 1.0

vendor: draytek, model: vigor3910, scope: lt, version: 4.3.2.7

Trust: 1.0

vendor: draytek, model: vigor2133, scope: lt, version: 3.9.8

Trust: 1.0

vendor: draytek, model: vigor2862, scope: lt, version: 3.9.9.4

Trust: 1.0

vendor: draytek, model: vigor2832, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2765, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor166, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor165, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2133, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2762, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2926, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2135, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor3912, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor3910, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2620, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2866, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2962, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2925, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2862, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2860, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2766, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2927, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigorlte200, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2865, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41334
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-024560
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41334
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024560
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.0

problemtype: Improper certificate validation (CWE-295) [other]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

EXTERNAL IDS

db: NVD, id: CVE-2024-41334

Trust: 2.6

db: JVNDB, id: JVNDB-2024-024560

Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

REFERENCES

url:http://draytek.com

Trust: 1.8

url:https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41334

Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

SOURCES

db: JVNDB, id: JVNDB-2024-024560
db: NVD, id: CVE-2024-41334

LAST UPDATE DATE

2025-06-05T23:05:04.523000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-024560, date: 2025-06-04T01:14:00
db: NVD, id: CVE-2024-41334, date: 2025-06-03T14:06:43.900

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-024560, date: 2025-06-04T00:00:00
db: NVD, id: CVE-2024-41334, date: 2025-02-27T21:15:36.483