CVE-2024-41336

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to store passwords in plaintext.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://draytek.com
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Configurations

No configuration.

History

28 Feb 2025, 17:15

Type	Values Removed	Values Added
CWE		CWE-256
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) Se descubrió que los dispositivos Draytek Vigor 165/166 anteriores a v4.2.6, Vigor 2620/LTE200 anteriores a v3.9.8.8, Vigor 2860/2925 anteriores a v3.9.7, Vigor 2862/2926 anteriores a v3.9.9.4, Vigor 2133/2762/2832 anteriores a v3.9.8, Vigor 2135/2765/2766 anteriores a v4.4.5.1, Vigor 2865/2866/2927 anteriores a v4.4.5.3, Vigor 2962/3910 anteriores a v4.3.2.7, Vigor 3912 anteriores a v4.3.5.2 y Vigor 2925 hasta v3.9.6 almacenaban contraseñas en texto plano.

27 Feb 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-27 21:15

Updated : 2025-02-28 17:15

NVD link : CVE-2024-41336

Mitre link : CVE-2024-41336

CVE.ORG link : CVE-2024-41336

JSON object : View

Products Affected

No product.

CWE

CWE-256

Plaintext Storage of a Password

7.5 /10