CVE-2024-41338

A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://draytek.com
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Configurations

No configuration.

History

28 Feb 2025, 15:15

Type	Values Removed	Values Added
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) Una desreferencia de puntero NULL en los dispositivos Draytek Vigor 165/166 anteriores a v4.2.6, Vigor 2620/LTE200 anteriores a v3.9.8.8, Vigor 2860/2925 anteriores a v3.9.7, Vigor 2862/2926 anteriores a v3.9.9.4, Vigor 2133/2762/2832 anteriores a v3.9.8, Vigor 2135/2765/2766 anteriores a v4.4.5.1, Vigor 2865/2866/2927 anteriores a v4.4.5.3, Vigor 2962/3910 anteriores a v4.3.2.7, Vigor 3912 anteriores a v4.3.5.2 y Vigor 2925 hasta v3.9.6 permite a los atacantes provocar una denegación de servicio (DoS) a través de una solicitud DHCP manipulada específicamente.

27 Feb 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-27 21:15

Updated : 2025-02-28 15:15

NVD link : CVE-2024-41338

Mitre link : CVE-2024-41338

CVE.ORG link : CVE-2024-41338

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

7.5 /10