#VU106351 Improper Certificate Validation in DrayTek Corp. products - CVE-2024-41334


Vulnerability identifier: #VU106351

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-41334

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vigor165
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor166
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2620 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
VigorLTE 200n
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2133
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2135
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2762
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2765
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2766
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2832
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2860
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2860 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2862
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2862 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2865
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2865 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2865L-5G
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2866
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2866 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2915
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2925
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2925 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2926
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2926 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2927
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2927L-5G
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2952
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2952P
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2927 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2962
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor3220
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor3910
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor3912
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: DrayTek Corp.

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing SSL certificate validation for APP Enforcement signature updates. A remote attacker can install specially crafted APPE modules from unofficial servers and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vigor165: before 4.2.7

Vigor166: before 4.2.7

Vigor2620 LTE: before 3.9.8.9

VigorLTE 200n: before 3.9.8.9

Vigor2133: before 3.9.9

Vigor2135: before 4.4.5.1

Vigor2762: before 3.9.9

Vigor2765: before 4.4.5.1

Vigor2766: before 4.4.5.1

Vigor2832: before 3.9.9

Vigor2860: before 3.9.8

Vigor2860 LTE: before 3.9.8

Vigor2862: before 3.9.9.5

Vigor2862 LTE: before 3.9.9.5

Vigor2865: before 4.4.5.3

Vigor2865 LTE: before 4.4.5.3

Vigor2865L-5G: before 4.4.5.3

Vigor2866: before 4.4.5.3

Vigor2866 LTE: before 4.4.5.3

Vigor2915: before 4.4.5

Vigor2925: before 3.9.8

Vigor2925 LTE: before 3.9.8

Vigor2926: before 3.9.8

Vigor2926 LTE: before 3.9.8

Vigor2927: before 4.4.5.3

Vigor2927L-5G: before 4.4.5.3

Vigor2952: before 3.9.8.2

Vigor2952P: before 3.9.8.2

Vigor2927 LTE: before 4.4.5.3

Vigor2962: before 4.3.2.8

Vigor3220: before 3.9.8.2

Vigor3910: before 4.3.2.8

Vigor3912: before 4.3.6.1

External links
https://draytek.com
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946
https://www.draytek.com/about/security-advisory/denial-of-service,-information-disclosure,-and-code-execution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Draytek routers