CVE-2024-41334

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 27, 2025
Updated: Feb 28, 2025
CWE ID 94

Summary

CVE-2024-41334 is a vulnerability affecting various DrayTek devices, including the Vigor 165/166, Vigor 2620/LTE200, Vigor 2860/2925, Vigor 2862/2926, Vigor 2133/2762/2832, Vigor 2135/2765/2766, Vigor 2865/2866/2927, Vigor 2962/3910, Vigor 3912, and Vigor 2925. These devices were found to lack certificate verification during the installation of APPE modules, enabling attackers to upload malicious modules from unauthorized servers. As a result, arbitrary code execution can occur, posing a serious threat to the affected devices and networks. Users are strongly advised to update their devices to the latest firmware versions to mitigate this risk.
