CVE-2024-41335

HIGH

CVSS v3.1: 7.5 · EPSS: 0.0044 (35.5 percentile)

Network · No privileges · No user interaction · Vendor advisory ref

Source data as of:

At a glance

Severity: HIGH
CVSS: 7.5 v3.1 · NVD
EPSS: 0.0044 (35.5 percentile) · FIRST.org
CISA KEV: No
Attack conditions (CVSS vector): Network · No privileges · No user interaction · Source: NVD Vector
Published: 2025-02-27 · Modified: 2026-07-05

CVSS / EPSS / KEV

CVSS v3.1: 7.5 / 10 (HIGH) · Source: NVD
EPSS: 0.0044 (35.5 percentile) · Source: FIRST.org
CISA KEV: No · Source: CISA

Description

DrayTek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to utilize insecure versions of the functions strcmp and memcmp, allowing attackers to possibly obtain sensitive information via timing attacks.

Record details

CVE ID: CVE-2024-41335
CVSS (v3.1): 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability subscore: 3.9
Impact subscore: 3.6
EPSS: 0.0044 (35.5 percentile), 2026-07-05
CISA KEV: No
Weakness (CWE): CWE-203
Affected configurations (CPE): 0
Published: 2025-02-27
Modified: 2026-07-05
Status: Deferred
