#VU97985 Credentials management in DrayTek Corp. products - CVE-2024-41589


Vulnerability identifier: #VU97985

Vulnerability risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-41589

CWE-ID: CWE-255

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Vigor 1000B (Hardware solutions / Routers for home users)
Vigor 2962 (Hardware solutions / Routers for home users)
Vigor 3910 (Hardware solutions / Routers for home users)
Vigor 3912 (Hardware solutions / Routers for home users)
Vigor 165 (Hardware solutions / Routers for home users)
Vigor 166 (Hardware solutions / Routers for home users)
Vigor 2135 (Hardware solutions / Routers for home users)
Vigor 2763 (Hardware solutions / Routers for home users)
Vigor 2765 (Hardware solutions / Routers for home users)
Vigor 2766 (Hardware solutions / Routers for home users)
Vigor 2865 (Hardware solutions / Routers for home users)
Vigor 2866 (Hardware solutions / Routers for home users)
Vigor 2915 (Hardware solutions / Routers for home users)
Vigor 2620 (Hardware solutions / Routers for home users)
Vigor LTE200 (Hardware solutions / Routers for home users)
Vigor 2133 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 2762 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 2860 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 2925 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 2862 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 2926 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 2952 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 3220 (Hardware solutions / Routers & switches, VoIP, GSM, etc)
Vigor 2832 (Hardware solutions / Security hardware appliances)

Vendor: DrayTek Corp.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the same admin credentials are used across the entire system (including both guest and host operating systems). Obtaining these credentials can lead to full system compromise.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vigor 1000B: before 4.3.2.8

Vigor 2962: before 4.3.2.8

Vigor 3910: before 4.3.2.8

Vigor 3912: before 4.3.6.1

Vigor 165: before 4.2.7

Vigor 166: before 4.2.7

Vigor 2135: before 4.4.5.1

Vigor 2763: before 4.4.5.1

Vigor 2765: before 4.4.5.1

Vigor 2766: before 4.4.5.1

Vigor 2865: before 4.4.5.3

Vigor 2866: before 4.4.5.3

Vigor 2915: before 4.4.5.3

Vigor 2620: before 3.9.8.9

Vigor LTE200: before 3.9.8.9

Vigor 2133: before 3.9.9

Vigor 2762: before 3.9.9

Vigor 2832: before 3.9.9

Vigor 2860: before 3.9.8

Vigor 2925: before 3.9.8

Vigor 2862: before 3.9.9.5

Vigor 2926: before 3.9.9.5

Vigor 2952: before 3.9.8.2

Vigor 3220: before 3.9.8.2
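
To check a fleet against the version list above, the following added example (not part of the original advisory or any vendor tooling) audits a router inventory and flags devices running firmware older than the listed fixed version. The CSV columns (host, model, firmware), the hostnames and the "_BT" build suffix are constructed for illustration; a device at exactly the listed version is treated as fixed.

```python
import csv
import io
import re

# Model -> first firmware version not affected, as listed in this advisory.
FIXED = {
    "1000B": "4.3.2.8", "2962": "4.3.2.8", "3910": "4.3.2.8", "3912": "4.3.6.1",
    "165": "4.2.7", "166": "4.2.7", "2620": "3.9.8.9", "LTE200": "3.9.8.9",
    "2135": "4.4.5.1", "2763": "4.4.5.1", "2765": "4.4.5.1", "2766": "4.4.5.1",
    "2865": "4.4.5.3", "2866": "4.4.5.3", "2915": "4.4.5.3", "2860": "3.9.8",
    "2925": "3.9.8", "2133": "3.9.9", "2762": "3.9.9", "2832": "3.9.9",
    "2862": "3.9.9.5", "2926": "3.9.9.5", "2952": "3.9.8.2", "3220": "3.9.8.2",
}

def parse_version(text):
    """Return the leading dotted number as a tuple of ints, or None if absent."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_before(version, fixed):
    width = max(len(version), len(fixed))  # pad so 3.9.9 compares as 3.9.9.0
    return version + (0,) * (width - len(version)) < fixed + (0,) * (width - len(fixed))

def model_key(name):
    return re.sub(r"(?i)^\s*vigor\s*", "", name).strip().upper()

def audit(csv_text):
    """Return (host, status, fixed_version) for every row of the inventory."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        fixed = FIXED.get(model_key(row["model"]))
        version = parse_version(row["firmware"])
        if fixed is None:
            status = "not-listed"      # model does not appear in this advisory
        elif version is None:
            status = "unparsed"        # needs a manual check, never assume fixed
        else:
            status = "vulnerable" if is_before(version, parse_version(fixed)) else "fixed"
        results.append((row["host"], status, fixed))
    return results

# Constructed sample inventory (hypothetical hosts and firmware strings).
SAMPLE = """host,model,firmware
gw-branch1,Vigor2962,4.3.2.7
gw-branch2,Vigor 3912,4.3.6.1
gw-lab,vigor 2860,3.9.8_BT
gw-home,Vigor 2926,3.9.9
gw-old,Vigor 2830,3.8.8
gw-bad,Vigor 165,unknown"""
```

Call audit(SAMPLE) to get one tuple per device. Rows reported as "unparsed" or "not-listed" still need a manual check against the vendor's release notes.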


External links
https://www.forescout.com/resources/draybreak-draytek-research/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

