CVE-2024-41338

7.5 HIGH

📋 TL;DR

A NULL pointer dereference in the DHCP request handling of multiple Draytek Vigor router models lets an unauthenticated attacker on an attached network crash the device with specially crafted DHCP requests, causing a Denial of Service (DoS). It affects organizations and individuals running vulnerable Vigor routers across numerous product lines; a crash takes the router, and with it all connected services, offline until it reboots.

💻 Affected Systems

Products:
  • Draytek Vigor 165
  • Draytek Vigor 166
  • Draytek Vigor 2620
  • Draytek Vigor LTE200
  • Draytek Vigor 2860
  • Draytek Vigor 2925
  • Draytek Vigor 2862
  • Draytek Vigor 2926
  • Draytek Vigor 2133
  • Draytek Vigor 2762
  • Draytek Vigor 2832
  • Draytek Vigor 2135
  • Draytek Vigor 2765
  • Draytek Vigor 2766
  • Draytek Vigor 2865
  • Draytek Vigor 2866
  • Draytek Vigor 2927
  • Draytek Vigor 2962
  • Draytek Vigor 3910
  • Draytek Vigor 3912
Versions: Varies by product line - see CVE description for specific vulnerable version ranges per model.
Operating Systems: Draytek firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected devices with default DHCP server configuration are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Draytek Vigor is a family of routers, modem-routers and VPN gateways aimed at home offices and small businesses, running Draytek's proprietary firmware. The built-in DHCP server that hands out addresses on the LAN is the component that receives the crafted requests described in this CVE.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device crash requiring a manual or physical reboot, with extended network downtime affecting all connected services and users.

🟠 Likely Case: Temporary service disruption until the device automatically reboots or is manually restarted, causing brief network outages (and repeated outages if the attacker keeps sending requests).

🟢 If Mitigated: Minimal impact if devices are patched or network segmentation keeps DHCP requests from untrusted sources away from the router.

🌐 Internet-Facing: HIGH - DHCP requests are link-local traffic that is not routed across the Internet, so an attacker on the WAN side cannot reach the DHCP server directly; the realistic path is a foothold on an attached segment (guest Wi-Fi, a compromised client, an adjacent VLAN), and from there a crash of the gateway takes the whole site offline.
🏢 Internal Only: MEDIUM - Requires attacker access to the local network, but DHCP is a fundamental service that every device talks to, so nothing else needs to be enabled or reachable.

🎯 Exploit Status

Public PoC: ❌ None known
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only the ability to send DHCP requests to the router's LAN interface; no authentication is needed. Attack complexity is low because DHCP is a standard, unauthenticated protocol that the router must accept from any connected client.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by model - see CVE description for specific fixed versions per product line.

Vendor Advisory: http://draytek.com

Restart Required: Yes

Instructions:

1. Identify your Draytek router model and, where the vendor distinguishes them, the hardware revision.
2. Visit the Draytek support website and locate the firmware download for that exact model; firmware built for a different model or revision can brick the device.
3. Back up the current configuration before upgrading.
4. Download the appropriate firmware version and confirm it is at or above the fixed version listed for your model.
5. Upload and install the new firmware via the web interface.
6. Reboot the device after installation (the upgrade normally triggers this itself) and confirm the new version is reported.

🔧 Temporary Workarounds

Disable DHCP server (applies to: all affected models)

Disable the built-in DHCP server and serve addresses from an external DHCP server instead. The advisory does not state whether the router still parses DHCP packets arriving on the LAN when its server is disabled, so treat this as risk reduction rather than a fix and still schedule the firmware update.

Network segmentation (applies to: all affected models)

Segment the network so that only trusted devices share a broadcast domain with the router's DHCP server; untrusted clients (guest Wi-Fi, IoT, contractor ports) should get addresses from a separate DHCP server on their own VLAN.

🧯 If You Can't Patch

  • Implement network access controls (VLANs, port security, DHCP snooping where the switches support it) so that only trusted segments can deliver DHCP requests to the router
  • Monitor for abnormal DHCP request patterns (floods, malformed packets, unexpected source MACs) and for unexplained router crashes or reboots

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version in the web interface and compare it against the fixed version listed for your specific model in the CVE description; every model in the affected list has its own vulnerable range and its own fixed version.

Check Version:

Log in to the router web interface; the running firmware version is shown on the Dashboard and under the System Maintenance menu.

Verify Fix Applied:

Verify that the firmware version matches or exceeds the fixed version for your specific model, and check it again after the post-upgrade reboot, since a failed upload leaves the old firmware in place.

📡 Detection & Monitoring

Log Indicators:

  • Device crash/reboot logs
  • DHCP service failure messages
  • Unusual DHCP request patterns

Network Indicators:

  • Malformed DHCP packets
  • Sudden loss of connectivity to router
  • DHCP service unresponsive

SIEM Query:

source="router_logs" AND ("crash" OR "reboot" OR "DHCP error")

This is a generic Splunk-style pattern; adapt the source name and keywords to how your syslog collector labels the router's messages.
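The network indicators above call for spotting malformed DHCP packets. The following is an added example, not code from the original page or from Draytek, of a structural validator for DHCP messages (RFC 2131 fixed header, RFC 2132 options) that a sensor or a pcap post-processor could run; the exact malformation that triggers CVE-2024-41338 has not been published, so the checks are generic wire-format sanity checks rather than a signature for this CVE. The sample packets at the bottom are constructed in the script, not captured traffic.

```python
"""Structural sanity checks on DHCP packets (RFC 2131 header, RFC 2132 options).

Added example for flagging malformed DHCP traffic; it does not reproduce the
unpublished trigger for CVE-2024-41338.
"""
import struct

FIXED_HEADER_LEN = 236               # op .. file, everything before the magic cookie
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END, OPT_MSG_TYPE = 0, 255, 53
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def build_dhcp(msg_type: int, xid: int, mac: bytes, extra_options: bytes = b"",
               terminate: bool = True) -> bytes:
    """Construct a minimal BOOTREQUEST for testing. `extra_options` is appended
    raw (after option 53) so deliberately broken option blobs can be produced."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, xid, 0, 0x8000,          # op, htype, hlen, hops, xid, secs, flags
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr..giaddr
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = bytes([OPT_MSG_TYPE, 1, msg_type]) + extra_options
    if terminate:
        options += bytes([OPT_END])
    return header + MAGIC_COOKIE + options


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload. Returns the decoded message type, the options
    (repeated codes concatenated per RFC 3396) and a list of anomaly strings;
    an empty list means the packet is structurally sound."""
    anomalies = []
    if len(payload) < FIXED_HEADER_LEN + 4:
        return {"msg_type": None, "options": {}, "anomalies": ["truncated before options"]}
    op, _htype, hlen = struct.unpack_from("!BBB", payload, 0)
    if op not in (1, 2):
        anomalies.append(f"op={op} is neither BOOTREQUEST nor BOOTREPLY")
    if hlen > 16:
        anomalies.append(f"hlen={hlen} exceeds the 16-byte chaddr field")
    if payload[FIXED_HEADER_LEN:FIXED_HEADER_LEN + 4] != MAGIC_COOKIE:
        anomalies.append("magic cookie missing")
    options: dict = {}
    i = FIXED_HEADER_LEN + 4
    terminated = False
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:            # single-byte option, no length field
            i += 1
            continue
        if code == OPT_END:
            terminated = True
            break
        if i + 1 >= len(payload):
            anomalies.append(f"option {code} has no length byte")
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:        # declared length runs past the end of the packet
            anomalies.append(f"option {code} declares {length} bytes, only {len(value)} present")
            break
        options[code] = options.get(code, b"") + value
        i += 2 + length
    if not terminated:
        anomalies.append("option list not terminated by END (255)")
    mt = options.get(OPT_MSG_TYPE)
    msg_type = None
    if mt is None:
        anomalies.append("option 53 (message type) missing")
    elif len(mt) != 1 or mt[0] not in MSG_TYPES:
        anomalies.append(f"option 53 has invalid value 0x{mt.hex()}")
    else:
        msg_type = MSG_TYPES[mt[0]]
    return {"msg_type": msg_type, "options": options, "anomalies": anomalies}


# Constructed samples (not captured traffic): one clean DISCOVER and three broken packets.
MAC = bytes.fromhex("001122334455")
GOOD_DISCOVER = build_dhcp(1, 0x1234, MAC, extra_options=bytes([61, 7, 1]) + MAC)   # opt 61 = client-id
OVERRUN_OPTION = build_dhcp(3, 0x1235, MAC, extra_options=bytes([50, 40]) + b"\x0a\x00\x00\x05",
                            terminate=False)                                         # opt 50 claims 40 bytes
BAD_MSG_TYPE = build_dhcp(99, 0x1236, MAC)                                           # unknown type 99
TRUNCATED = GOOD_DISCOVER[:100]


def triage(packets):
    """Return (xid, message type, anomalies) for every packet so a sensor can alert."""
    return [(struct.unpack_from("!I", p, 4)[0] if len(p) >= 8 else None,
             parse_dhcp(p)["msg_type"], parse_dhcp(p)["anomalies"]) for p in packets]


if __name__ == "__main__":
    for xid, mtype, anomalies in triage([GOOD_DISCOVER, OVERRUN_OPTION, BAD_MSG_TYPE, TRUNCATED]):
        print(f"xid={xid} type={mtype} anomalies={anomalies}")
```

The parser stops at the first length overrun rather than guessing where the next option starts, which is the conservative choice for a sensor: anything past a bad length is untrusted. Packets with a non-empty anomaly list are the ones to log alongside the source MAC and ingress port, since a single malformed request that coincides with a router reboot is the evidence the "Log Indicators" above cannot give you on their own.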
