PT-2025-9022 · Draytek · Draytek Vigor 3912+8
Published: 2025-02-27 · Updated: 2025-06-03
CVE-2024-41339
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Draytek Vigor 165/166 versions prior to 4.2.6
Draytek Vigor 2620/LTE200 versions prior to 3.9.8.8
Draytek Vigor 2860/2925 versions prior to 3.9.7
Draytek Vigor 2862/2926 versions prior to 3.9.9.4
Draytek Vigor 2133/2762/2832 versions prior to 3.9.8
Draytek Vigor 2135/2765/2766 versions prior to 4.4.5.1
Draytek Vigor 2865/2866/2927 versions prior to 4.4.5.3
Draytek Vigor 2962/3910 versions prior to 4.3.2.7
Draytek Vigor 3912 versions prior to 4.3.5.2
Draytek Vigor 2925 versions up to 3.9.6
Description
The CGI endpoint used for uploading configurations allows attackers to upload a crafted kernel module, which enables arbitrary code execution.
Recommendations
For Draytek Vigor 165/166 versions prior to 4.2.6, update to version 4.2.6 or later.
For Draytek Vigor 2620/LTE200 versions prior to 3.9.8.8, update to version 3.9.8.8 or later.
For Draytek Vigor 2860/2925 versions prior to 3.9.7, update to version 3.9.7 or later.
For Draytek Vigor 2862/2926 versions prior to 3.9.9.4, update to version 3.9.9.4 or later.
For Draytek Vigor 2133/2762/2832 versions prior to 3.9.8, update to version 3.9.8 or later.
For Draytek Vigor 2135/2765/2766 versions prior to 4.4.5.1, update to version 4.4.5.1 or later.
For Draytek Vigor 2865/2866/2927 versions prior to 4.4.5.3, update to version 4.4.5.3 or later.
For Draytek Vigor 2962/3910 versions prior to 4.3.2.7, update to version 4.3.2.7 or later.
For Draytek Vigor 3912 versions prior to 4.3.5.2, update to version 4.3.5.2 or later.
For Draytek Vigor 2925 versions up to 3.9.6, update to version 3.9.7 or later.
Fix
Unrestricted File Upload
Code Injection
Affected Products
Draytek Vigor 165/166
Draytek Vigor 2133/2762/2832
Draytek Vigor 2135/2765/2766
Draytek Vigor 2620/LTE200
Draytek Vigor 2860/2925
Draytek Vigor 2862/2926
Draytek Vigor 2865/2866/2927
Draytek Vigor 2962/3910
Draytek Vigor 3912