NULL Pointer Dereference in Draytek Vigor Devices
CVE-2024-41338

7.5HIGH

Key Information:

Vendor: Draytek
Status: Vigor Series Routers
Vendor: CVE Published:; 27 February 2025

What is CVE-2024-41338?

A NULL pointer dereference vulnerability exists in certain Draytek Vigor routers, leading to potential Denial of Service (DoS) conditions. Attackers can exploit this vulnerability by sending crafted DHCP requests, which may cause the device to become unresponsive. This affects multiple models across the Vigor series, with specific firmware versions susceptible to this issue, highlighting the need for prompt updates and patches from the vendor.

References

http://draytek.com

https://medium.com/faraday/advisory-multiple-vulnerabilit...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Jul 18, 2024