CVE-2024-41338

Name of the Vulnerable Software and Affected Versions Draytek Vigor 165/166 versions prior to 4.2.6 Draytek Vigor 2620/LTE200 versions prior to 3.9.8.8 Draytek Vigor 2860/2925 versions prior to 3.9.7 Draytek Vigor 2862/2926 versions prior to 3.9.9.4 Draytek Vigor 2133/2762/2832 versions prior to 3.9.8 Draytek Vigor 2135/2765/2766 versions prior to 4.4.5.1 Draytek Vigor 2865/2866/2927 versions prior to 4.4.5.3 Draytek Vigor 2962/3910 versions prior to 4.3.2.7 Draytek Vigor 3912 versions prior to 4.3.5.2 Draytek Vigor 2925 versions up to 3.9.6

Description A NULL pointer dereference in Draytek devices allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request.

Recommendations For Draytek Vigor 165/166 versions prior to 4.2.6, update to version 4.2.6 or later. For Draytek Vigor 2620/LTE200 versions prior to 3.9.8.8, update to version 3.9.8.8 or later. For Draytek Vigor 2860/2925 versions prior to 3.9.7, update to version 3.9.7 or later. For Draytek Vigor 2862/2926 versions prior to 3.9.9.4, update to version 3.9.9.4 or later. For Draytek Vigor 2133/2762/2832 versions prior to 3.9.8, update to version 3.9.8 or later. For Draytek Vigor 2135/2765/2766 versions prior to 4.4.5.1, update to version 4.4.5.1 or later. For Draytek Vigor 2865/2866/2927 versions prior to 4.4.5.3, update to version 4.4.5.3 or later. For Draytek Vigor 2962/3910 versions prior to 4.3.2.7, update to version 4.3.2.7 or later. For Draytek Vigor 3912 versions prior to 4.3.5.2, update to version 4.3.5.2 or later. For Draytek Vigor 2925 versions up to 3.9.6, update to version 3.9.7 or later.