ID

VAR-202502-3730


CVE

CVE-2024-41338


TITLE

NULL pointer dereference vulnerability in multiple DrayTek Corporation products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024567

DESCRIPTION

A NULL pointer dereference in DrayTek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request. Multiple DrayTek Corporation products, including vigor165 firmware, vigor166 firmware, and vigor2620 firmware, contain a NULL pointer dereference vulnerability. Service operation interruption (DoS) may result.

Trust: 1.62

sources: NVD: CVE-2024-41338 // JVNDB: JVNDB-2024-024567

AFFECTED PRODUCTS

vendor: draytek, model: vigor2866, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor3912, scope: lt, version: 4.3.5.2

Trust: 1.0

vendor: draytek, model: vigor2766, scope: lt, version: 4.4.5.1

Trust: 1.0

vendor: draytek, model: vigor2620, scope: lt, version: 3.9.8.8

Trust: 1.0

vendor: draytek, model: vigor165, scope: lt, version: 4.2.6

Trust: 1.0

vendor: draytek, model: vigor2927, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2962, scope: lt, version: 4.3.2.7

Trust: 1.0

vendor: draytek, model: vigor2860, scope: lt, version: 3.9.7

Trust: 1.0

vendor: draytek, model: vigor2925, scope: lt, version: 3.9.7

Trust: 1.0

vendor: draytek, model: vigor166, scope: lt, version: 4.2.6

Trust: 1.0

vendor: draytek, model: vigor2765, scope: lt, version: 4.4.5.1

Trust: 1.0

vendor: draytek, model: vigor2762, scope: lt, version: 3.9.8

Trust: 1.0

vendor: draytek, model: vigorlte200, scope: lt, version: 3.9.8.8

Trust: 1.0

vendor: draytek, model: vigor2865, scope: lt, version: 4.4.5.3

Trust: 1.0

vendor: draytek, model: vigor2832, scope: lt, version: 3.9.8

Trust: 1.0

vendor: draytek, model: vigor2926, scope: lt, version: 3.9.9.4

Trust: 1.0

vendor: draytek, model: vigor2135, scope: lt, version: 4.4.5.1

Trust: 1.0

vendor: draytek, model: vigor3910, scope: lt, version: 4.3.2.7

Trust: 1.0

vendor: draytek, model: vigor2133, scope: lt, version: 3.9.8

Trust: 1.0

vendor: draytek, model: vigor2862, scope: lt, version: 3.9.9.4

Trust: 1.0

vendor: draytek, model: vigor2832, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2765, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor166, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor165, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2133, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2762, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2926, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2135, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor3912, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor3910, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2620, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2866, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2962, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2925, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2862, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2860, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2766, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2927, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigorlte200, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2865, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-024567 // NVD: CVE-2024-41338

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41338
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-024567
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41338
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024567
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-024567 // NVD: CVE-2024-41338

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024567 // NVD: CVE-2024-41338

EXTERNAL IDS

db: NVD, id: CVE-2024-41338

Trust: 2.6

db: JVNDB, id: JVNDB-2024-024567

Trust: 0.8

sources: JVNDB: JVNDB-2024-024567 // NVD: CVE-2024-41338

REFERENCES

url:http://draytek.com

Trust: 1.8

url:https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41338

Trust: 0.8

sources: JVNDB: JVNDB-2024-024567 // NVD: CVE-2024-41338

SOURCES

db: JVNDB, id: JVNDB-2024-024567
db: NVD, id: CVE-2024-41338

LAST UPDATE DATE

2025-06-05T23:11:17.299000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-024567, date: 2025-06-04T01:26:00
db: NVD, id: CVE-2024-41338, date: 2025-06-03T14:06:40.670

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-024567, date: 2025-06-04T00:00:00
db: NVD, id: CVE-2024-41338, date: 2025-02-27T21:15:36.753