Details of VAR-202502-2792

ID

VAR-202502-2792

CVE

CVE-2024-41334

TITLE

plural DrayTek Corporation Vulnerability related to certificate validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024560

DESCRIPTION

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. vigor166 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-41334 // JVNDB: JVNDB-2024-024560

AFFECTED PRODUCTS

vendor:	draytek	model:	vigor2866	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor3912	scope:	lt	version:	4.3.5.2	Trust: 1.0
vendor:	draytek	model:	vigor2766	scope:	lt	version:	4.4.5.1	Trust: 1.0
vendor:	draytek	model:	vigor2620	scope:	lt	version:	3.9.8.8	Trust: 1.0
vendor:	draytek	model:	vigor165	scope:	lt	version:	4.2.6	Trust: 1.0
vendor:	draytek	model:	vigor2927	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor2962	scope:	lt	version:	4.3.2.7	Trust: 1.0
vendor:	draytek	model:	vigor2860	scope:	lt	version:	3.9.7	Trust: 1.0
vendor:	draytek	model:	vigor2925	scope:	lt	version:	3.9.7	Trust: 1.0
vendor:	draytek	model:	vigor166	scope:	lt	version:	4.2.6	Trust: 1.0
vendor:	draytek	model:	vigor2765	scope:	lt	version:	4.4.5.1	Trust: 1.0
vendor:	draytek	model:	vigor2762	scope:	lt	version:	3.9.8	Trust: 1.0
vendor:	draytek	model:	vigorlte200	scope:	lt	version:	3.9.8.8	Trust: 1.0
vendor:	draytek	model:	vigor2865	scope:	lt	version:	4.4.5.3	Trust: 1.0
vendor:	draytek	model:	vigor2832	scope:	lt	version:	3.9.8	Trust: 1.0
vendor:	draytek	model:	vigor2926	scope:	lt	version:	3.9.9.4	Trust: 1.0
vendor:	draytek	model:	vigor2135	scope:	lt	version:	4.4.5.1	Trust: 1.0
vendor:	draytek	model:	vigor3910	scope:	lt	version:	4.3.2.7	Trust: 1.0
vendor:	draytek	model:	vigor2133	scope:	lt	version:	3.9.8	Trust: 1.0
vendor:	draytek	model:	vigor2862	scope:	lt	version:	3.9.9.4	Trust: 1.0
vendor:	draytek	model:	vigor2832	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2765	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor166	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor165	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2133	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2762	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2926	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2135	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor3912	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor3910	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2620	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2866	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2962	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2925	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2862	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2860	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2766	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2927	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigorlte200	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2865	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-41334
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-024560
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-41334
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-024560
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	Illegal certificate verification (CWE-295) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

EXTERNAL IDS

db:	NVD	id:	CVE-2024-41334	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-024560	Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

REFERENCES

url:	http://draytek.com	Trust: 1.8
url:	https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-41334	Trust: 0.8

sources: JVNDB: JVNDB-2024-024560 // NVD: CVE-2024-41334

SOURCES

db:	JVNDB	id:	JVNDB-2024-024560
db:	NVD	id:	CVE-2024-41334

LAST UPDATE DATE

2025-06-05T23:05:04.523000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-024560	date:	2025-06-04T01:14:00
db:	NVD	id:	CVE-2024-41334	date:	2025-06-03T14:06:43.900

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-024560	date:	2025-06-04T00:00:00
db:	NVD	id:	CVE-2024-41334	date:	2025-02-27T21:15:36.483