#VU106354 Unprotected storage of credentials in DrayTek Corp. products - CVE-2024-41336


Vulnerability identifier: #VU106354

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41336

CWE-ID: CWE-256

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Vigor165
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor166
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2620 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
VigorLTE 200n
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2133
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2135
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2762
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2765
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2766
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2832
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2860
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2860 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2862
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2862 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2865
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2865 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2865L-5G
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2866
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2866 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2915
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2925
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2925 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2926
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2926 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2927
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2927L-5G
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2952
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2952P
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2927 LTE
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2962
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor3220
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor3910
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor3912
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: DrayTek Corp.

Description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to application stored credentials in plain text. An attacker with physical access can dump credentials.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Vigor165: before 4.2.7

Vigor166: before 4.2.7

Vigor2620 LTE: before 3.9.8.9

VigorLTE 200n: before 3.9.8.9

Vigor2133: before 3.9.9

Vigor2135: before 4.4.5.1

Vigor2762: before 3.9.9

Vigor2765: before 4.4.5.1

Vigor2766: before 4.4.5.1

Vigor2832: before 3.9.9

Vigor2860: before 3.9.8

Vigor2860 LTE: before 3.9.8

Vigor2862: before 3.9.9.5

Vigor2862 LTE: before 3.9.9.5

Vigor2865: before 4.4.5.3

Vigor2865 LTE: before 4.4.5.3

Vigor2865L-5G: before 4.4.5.3

Vigor2866: before 4.4.5.3

Vigor2866 LTE: before 4.4.5.3

Vigor2915: before 4.4.5

Vigor2925: before 3.9.8

Vigor2925 LTE: before 3.9.8

Vigor2926: before 3.9.8

Vigor2926 LTE: before 3.9.8

Vigor2927: before 4.4.5.3

Vigor2927L-5G: before 4.4.5.3

Vigor2952: before 3.9.8.2

Vigor2952P: before 3.9.8.2

Vigor2927 LTE: before 4.4.5.3

Vigor2962: before 4.3.2.8

Vigor3220: before 3.9.8.2

Vigor3910: before 4.3.2.8

Vigor3912: before 4.3.6.1


External links
https://draytek.com
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946
https://www.draytek.com/about/security-advisory/denial-of-service,-information-disclosure,-and-code-...


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability