Our security research team actively investigates vulnerabilities in widely used technologies, with a strong focus on network infrastructure and embedded systems.
Throughout 2024, our researchers reported multiple security issues affecting DrayTek Vigor routers. These findings were responsibly disclosed and assigned CVEs where applicable, contributing to improved security for vendors and users alike.
The vulnerabilities below were identified through manual analysis and security research, covering authentication mechanisms, cryptographic implementations, and core network services.
CVE-2024-41334: Missing SSL certificate validation in DrayTek routers, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution.
CVE-2024-41335: Non-constant time password comparison in DrayTek routers, allowing attackers to potentially obtain sensitive information via timing attacks.
CVE-2024-41336: Insecure password storage in DrayTek routers, where passwords are stored in plaintext.
Predictable 2FA code generation: Several DrayTek Vigor routers generate the two-step authentication code in a predictable way, allowing attackers to bypass this security measure. (CVE denied)
CVE-2024-41338: NULL pointer dereference in the DHCP server of several DrayTek devices, allowing attackers to cause a Denial of Service (DoS) via a crafted DHCP request.
CVE-2024-41339: An issue in the CGI configuration upload endpoint of several DrayTek devices allows attackers to upload a crafted kernel module, leading to arbitrary code execution.
CVE-2024-41340: An issue in several DrayTek devices allows attackers to upload crafted APP Enforcement modules via the signature update endpoint, leading to arbitrary code execution.
CVE-2024-51138: A stack-based buffer overflow in the TR-069 STUN server of DrayTek routers allows a remote attacker to execute arbitrary code with elevated privileges.
CVE-2024-51139: Integer overflow in the CGI POST request handling of DrayTek routers allows a remote attacker to execute arbitrary code via a crafted Content-Length header.
cJSON buffer overflow: Buffer overflow vulnerability affecting Tuya smart devices. CVE assignment pending.
CVE-2026-21639: Stack-based buffer overflow in the airMAX wireless protocol allows a malicious actor within Wi-Fi range to achieve remote code execution on affected Ubiquiti devices.
CVE-2026-21638: Stack-based buffer overflow in the airMAX wireless protocol allows a malicious actor within Wi-Fi range to achieve remote code execution on affected Ubiquiti devices.
