CVE-2024-41336: Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior...
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to store passwords in plaintext.
Security readout for executives and security teams
Plain-English summary
Several DrayTek router families stored passwords in plaintext before the listed firmware versions. If an attacker can access the relevant stored data, credentials could be exposed directly. This is primarily a confidentiality risk, not an integrity or availability issue based on the CVSS vector.
Executive priority
Treat this as a high-priority network edge remediation item. Routers often hold sensitive administrative or connectivity credentials, and plaintext storage can turn device access into broader credential compromise.
Technical view
CVE-2024-41336 is a CWE-256 plaintext password storage issue affecting listed DrayTek Vigor models before specific firmware releases. CVSS 3.1 is 7.5 with network attack vector, low complexity, no privileges, no user interaction, and high confidentiality impact.
Likely exposure
Organizations using affected DrayTek Vigor routers, especially internet-facing or remotely managed devices, should assume possible exposure until firmware versions are inventoried and checked against the CVE record.
Exploitation context
The provided sources do not show CISA KEV listing or active exploitation. The risk is credential disclosure from plaintext storage, but the bundle does not provide exploit mechanics or confirmed exploitation in the wild.
Researcher notes
The source bundle identifies affected model families and version thresholds but does not include detailed exploit paths. Avoid assuming broader DrayTek impact beyond the listed models and versions. KEV is false in the provided data.
Mitigation direction
Inventory DrayTek Vigor models and firmware versions listed in the CVE.
Upgrade affected devices to the listed fixed or later firmware versions where available.
Check DrayTek vendor guidance for model-specific firmware and remediation instructions.
Restrict router administration access to trusted management networks.
Review and rotate credentials that may have been stored on affected devices.
Validation and detection
Compare device model and firmware against the CVE affected-version list.
Confirm firmware is at or above the listed non-affected version for each model.
Review configuration and backup handling for exposed plaintext credentials.
Check whether remote administration is enabled or reachable from untrusted networks.
Document compensating controls where immediate firmware updates are not possible.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-256: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-256 · source CWE mapping
Plaintext Storage of a Password
Plaintext Storage of a Password represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.