Cyber Resilience

CVE-2024-41340

High

Published: 27 February 2025

Published
27 February 2025
Modified
03 June 2025
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 20.2th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-41340 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Draytek Vigor2962 Firmware. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-41340 is an unrestricted file upload vulnerability (CWE-434) affecting multiple Draytek Vigor router models, including Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6. The flaw enables attackers to upload crafted APP Enforcement modules, resulting in arbitrary code execution on the device.

The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited by local attackers with low complexity, no privileges, and no user interaction required. Successful exploitation grants high-impact arbitrary code execution, potentially allowing full compromise of the router's confidentiality, integrity, and availability.

Advisories from Draytek (http://draytek.com) and a Faraday Labs report (https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946) recommend updating to the specified patched firmware versions for each affected model to mitigate the issue.

EU & UK References

Vulnerability details

An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to…

more

v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload crafted APP Enforcement modules, leading to arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Unrestricted file upload on router management interface directly enables remote/local exploitation of public-facing app (T1190) and malicious module ingress for code execution (T1105).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-41339Same product: Draytek Vigor165
CVE-2024-41334Same product: Draytek Vigor165
CVE-2024-41338Same product: Draytek Vigor165
CVE-2024-51138Same product: Draytek Vigor2133
CVE-2024-51139Same product: Draytek Vigor2133
CVE-2026-2269Shared CWE-434
CVE-2025-25783Shared CWE-434
CVE-2025-27683Shared CWE-434
CVE-2026-3040Same vendor: Draytek
CVE-2025-6207Shared CWE-434

Affected Assets

draytek
vigor165 firmware
≤ 4.2.7
draytek
vigor166 firmware
≤ 4.2.7
draytek
vigor2620 firmware
≤ 3.9.8.9
draytek
vigorlte200 firmware
≤ 3.9.8.9
draytek
vigor2860 firmware
≤ 3.9.8
draytek
vigor2925 firmware
≤ 3.9.8
draytek
vigor2862 firmware
≤ 3.9.9.5
draytek
vigor2926 firmware
≤ 3.9.9.5
draytek
vigor2133 firmware
≤ 3.9.9
draytek
vigor2762 firmware
≤ 3.9.9
+10 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of uploaded APP Enforcement modules to reject crafted files that could lead to arbitrary code execution.

prevent

Requires timely patching of the unrestricted file upload flaw via updated firmware versions recommended by Draytek.

prevent

Mandates digital signatures for system components like APP Enforcement modules, blocking unsigned crafted uploads from execution.

References