CVE-2024-41338
HIGHDraytek Vigor Routers - Denial of Service via Crafted DHCP Request
Title source: llmDescription
A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request.
References (2)
Core 2
Core References
Product
http://draytek.com
Scores
CVSS v3
7.5
EPSS
0.0045
EPSS Percentile
35.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (20)
draytek/vigor165_firmware
< 4.2.6
draytek/vigor166_firmware
< 4.2.6
draytek/vigor2133_firmware
< 3.9.8
draytek/vigor2135_firmware
< 4.4.5.1
draytek/vigor2620_firmware
< 3.9.8.8
draytek/vigor2762_firmware
< 3.9.8
draytek/vigor2765_firmware
< 4.4.5.1
draytek/vigor2766_firmware
< 4.4.5.1
draytek/vigor2832_firmware
< 3.9.8
draytek/vigor2860_firmware
< 3.9.7
... and 10 more
Published
Feb 27, 2025
Tracked Since
Feb 18, 2026