CVE-2024-41339

CVE Database · CVE-2024-41339

CVE-2024-41339

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

0.61%

Published

Feb 27, 2025

Modified

Jun 3, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload a crafted kernel module, allowing for arbitrary code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434

Affected Products (42)

draytek · vigor165_firmware (up to 4.2.7)vulnerable

draytek · vigor165

draytek · vigor166_firmware (up to 4.2.7)vulnerable

draytek · vigor166

draytek · vigor2620_firmware (up to 3.9.8.9)vulnerable

draytek · vigor2620

draytek · vigorlte200_firmware (up to 3.9.8.9)vulnerable

draytek · vigorlte200

draytek · vigor2860_firmware (up to 3.9.8)vulnerable

draytek · vigor2860

References (2)

http://draytek.com

Product

https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs

draytek · vigor2925_firmware (up to 3.9.8)

draytek · vigor2925

draytek · vigor2862_firmware (up to 3.9.9.5)vulnerable

draytek · vigor2862

draytek · vigor2926_firmware (up to 3.9.9.5)vulnerable

draytek · vigor2926

draytek · vigor2133_firmware (up to 3.9.9)vulnerable

draytek · vigor2133

draytek · vigor2762_firmware (up to 3.9.9)vulnerable

draytek · vigor2762

draytek · vigor2832_firmware (up to 3.9.9)vulnerable

draytek · vigor2832

draytek · vigor2135_firmware (up to 4.4.5.1)vulnerable

draytek · vigor2135

draytek · vigor2765_firmware (up to 4.4.5.1)vulnerable

draytek · vigor2765

draytek · vigor2766_firmware (up to 4.4.5.1)vulnerable

draytek · vigor2766

draytek · vigor2865_firmware (up to 4.4.5.3)vulnerable

draytek · vigor2865

draytek · vigor2866_firmware (up to 4.4.5.3)vulnerable

draytek · vigor2866

draytek · vigor2927_firmware (up to 4.4.5.3)vulnerable

draytek · vigor2927

draytek · vigor2962_firmware (up to 4.3.2.8)vulnerable

draytek · vigor2962_firmwarevulnerable

draytek · vigor2962

draytek · vigor3910_firmware (up to 4.3.2.8)vulnerable

draytek · vigor3910_firmwarevulnerable

draytek · vigor3910

draytek · vigor3912_firmware (up to 4.3.6.1)vulnerable

draytek · vigor3912