Main Vulnerability Database SB2025040126

SB2025040126 - Multiple vulnerabilities in Draytek routers

Published: April 1, 2025

Security Bulletin ID SB2025040126

Severity

High

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Improper Certificate Validation (CVE-ID: CVE-2024-41334)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing SSL certificate validation for APP Enforcement signature updates. A remote attacker can install specially crafted APPE modules from unofficial servers and execute arbitrary code on the system.

2) Code Injection (CVE-ID: CVE-2024-41339)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to undocumented kernel module installation through CGI configuration endpoint. A remote attacker can execute arbitrary code on the target system.

3) Observable discrepancy (CVE-ID: CVE-2024-41335)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected products utilize insecure versions of the functions strcmp and memcmp to compare credentials. A remote attacker can gain unauthorized access to sensitive information on the system.

4) Unprotected storage of credentials (CVE-ID: CVE-2024-41336)

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to application stored credentials in plain text. An attacker with physical access can dump credentials.

5) NULL pointer dereference (CVE-ID: CVE-2024-41338)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can send a specially crafted DHCP request and perform a denial of service (DoS) attack.

6) Arbitrary file upload (CVE-ID: CVE-2024-41340)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload specially crafted APP Enforcement modules and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

Vigor165: before 4.2.7
Vigor166: before 4.2.7
Vigor2620 LTE: before 3.9.8.9
VigorLTE 200n: before 3.9.8.9
Vigor2133: before 3.9.9
Vigor2135: before 4.4.5.1
Vigor2762: before 3.9.9
Vigor2765: before 4.4.5.1
Vigor2766: before 4.4.5.1
Vigor2832: before 3.9.9
Vigor2860: before 3.9.8
Vigor2860 LTE: before 3.9.8
Vigor2862: before 3.9.9.5
Vigor2862 LTE: before 3.9.9.5
Vigor2865: before 4.4.5.3
Vigor2865 LTE: before 4.4.5.3
Vigor2865L-5G: before 4.4.5.3
Vigor2866: before 4.4.5.3
Vigor2866 LTE: before 4.4.5.3
Vigor2915: before 4.4.5
Vigor2925: before 3.9.8
Vigor2925 LTE: before 3.9.8
Vigor2926: before 3.9.8
Vigor2926 LTE: before 3.9.8
Vigor2927: before 4.4.5.3
Vigor2927L-5G: before 4.4.5.3
Vigor2952: before 3.9.8.2
Vigor2952P: before 3.9.8.2
Vigor2927 LTE: before 4.4.5.3
Vigor2962: before 4.3.2.8
Vigor3220: before 3.9.8.2
Vigor3910: before 4.3.2.8
Vigor3912: before 4.3.6.1

SB2025040126 - Multiple vulnerabilities in Draytek routers

Breakdown by Severity

Description

Remediation

References

Please verify you're human