DrayTek Vigor Series NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in several DrayTek Vigor router models, allowing attackers to cause a Denial-of-Service (DoS) condition by sending a crafted DHCP request. This vulnerability affects the Vigor 165/166 models prior to version 4.2.6, Vigor 2620/LTE200 models prior to version 3.9.8.8, Vigor 2860/2925 models prior to version 3.9.7, Vigor 2862/2926 models prior to version 3.9.9.4, and Vigor 2133/2762/2832 models prior to version 3.9.8. Additionally, Vigor 2135/2765/2766 models prior to version 4.4.5.1, Vigor 2865/2866/2927 models prior to version 4.4.5.3, Vigor 2962/3910 models prior to version 4.3.2.7, and Vigor 3912 models prior to version 4.3.5.2 are also affected. Vigor 2925 models up to version 3.9.6 are vulnerable as well.
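The fixed versions listed above can be checked against a device inventory. The following is an added example, not part of the original advisory or any DrayTek tooling; the inventory rows are constructed, and the model-name normalization and the handling of a trailing build suffix are assumptions about how an inventory might record these values.

```python
import re

# First fixed firmware version per model group, copied from the advisory text.
FIXED = {
    "165 166": "4.2.6",
    "2620 LTE200": "3.9.8.8",
    "2860 2925": "3.9.7",
    "2862 2926": "3.9.9.4",
    "2133 2762 2832": "3.9.8",
    "2135 2765 2766": "4.4.5.1",
    "2865 2866 2927": "4.4.5.3",
    "2962 3910": "4.3.2.7",
    "3912": "4.3.5.2",
}
FIXED_BY_MODEL = {m: v for group, v in FIXED.items() for m in group.split()}

def parse_version(text):
    """Leading dotted-numeric part as an int tuple; a trailing suffix is ignored."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text, re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def model_key(name):
    """Assumed naming: reduce 'Vigor2862ac' or 'VigorLTE 200n' to the advisory's token."""
    m = re.search(r"LTE\s*200|\d{3,4}", name, re.I)
    return re.sub(r"\s+", "", m.group(0)).upper() if m else None

def status(model, firmware):
    """Return 'affected', 'fixed', or 'unknown' (model not listed / version unreadable)."""
    fixed = FIXED_BY_MODEL.get(model_key(model))
    have = parse_version(firmware)
    if fixed is None or have is None:
        return "unknown"
    want = parse_version(fixed)
    width = max(len(have), len(want))
    # Pad so 3.9.8 compares as 3.9.8.0; compare numerically so 3.9.10 > 3.9.7.
    have, want = (v + (0,) * (width - len(v)) for v in (have, want))
    return "affected" if have < want else "fixed"

# Constructed inventory rows (host, model, firmware); not real devices.
INVENTORY = [
    ("branch-01", "Vigor2862ac", "3.9.9.1"),
    ("branch-02", "Vigor2620", "3.9.8"),
    ("hq-edge", "Vigor3912", "4.3.5.2"),
    ("lab", "Vigor2925", "3.9.10"),
    ("kiosk", "Vigor130", "3.8.5"),
]

def audit(rows):
    return {host: status(model, fw) for host, model, fw in rows}
```

Rows reported as "unknown" are models the advisory does not list or versions that could not be parsed, and need a manual look rather than being treated as safe.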

Impact

Exploitation of this vulnerability leads to a Denial-of-Service condition, causing the device to become unresponsive or unavailable.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.