CVE-2024-41334
Summary
| CVE | CVE-2024-41334 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-02-27 21:15:36 UTC |
| Updated | 2026-07-05 01:20:13 UTC |
| Description | Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.003600000 probability, percentile 0.279970000 (date 2026-07-07)
Problem Types: CWE-295 | n/a | CWE-295 CWE-295 Improper Certificate Validation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Draytek | Vigor165 | - | All | All | All |
| Operating System | Draytek | Vigor165 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor166 | - | All | All | All |
| Operating System | Draytek | Vigor166 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2133 | - | All | All | All |
| Operating System | Draytek | Vigor2133 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2135 | - | All | All | All |
| Operating System | Draytek | Vigor2135 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2620 | - | All | All | All |
| Operating System | Draytek | Vigor2620 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2762 | - | All | All | All |
| Operating System | Draytek | Vigor2762 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2765 | - | All | All | All |
| Operating System | Draytek | Vigor2765 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2766 | - | All | All | All |
| Operating System | Draytek | Vigor2766 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2832 | - | All | All | All |
| Operating System | Draytek | Vigor2832 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2860 | - | All | All | All |
| Operating System | Draytek | Vigor2860 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2862 | - | All | All | All |
| Operating System | Draytek | Vigor2862 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2865 | - | All | All | All |
| Operating System | Draytek | Vigor2865 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2866 | - | All | All | All |
| Operating System | Draytek | Vigor2866 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2925 | - | All | All | All |
| Operating System | Draytek | Vigor2925 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2926 | - | All | All | All |
| Operating System | Draytek | Vigor2926 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2927 | - | All | All | All |
| Operating System | Draytek | Vigor2927 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2962 | - | All | All | All |
| Operating System | Draytek | Vigor2962 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor3910 | - | All | All | All |
| Operating System | Draytek | Vigor3910 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor3912 | - | All | All | All |
| Operating System | Draytek | Vigor3912 Firmware | All | All | All | All |
| Hardware | Draytek | Vigorlte200 | - | All | All | All |
| Operating System | Draytek | Vigorlte200 Firmware | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-r... | [email protected] | medium.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.