CVE-2024-51138
Summary
| CVE | CVE-2024-51138 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-02-27 21:15:37 UTC |
| Updated | 2026-07-05 01:21:01 UTC |
| Description | Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-121 | n/a | CWE-121 CWE-121 Stack-based Buffer Overflow
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Draytek | Vigor2133 | - | All | All | All |
| Operating System | Draytek | Vigor2133 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2135 | - | All | All | All |
| Operating System | Draytek | Vigor2135 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2620 | - | All | All | All |
| Operating System | Draytek | Vigor2620 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2762 | - | All | All | All |
| Operating System | Draytek | Vigor2762 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2763 | - | All | All | All |
| Operating System | Draytek | Vigor2763 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2765 | - | All | All | All |
| Operating System | Draytek | Vigor2765 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2766 | - | All | All | All |
| Operating System | Draytek | Vigor2766 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2832 | - | All | All | All |
| Operating System | Draytek | Vigor2832 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2860 | - | All | All | All |
| Operating System | Draytek | Vigor2860 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2862 | - | All | All | All |
| Operating System | Draytek | Vigor2862 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2865 | - | All | All | All |
| Operating System | Draytek | Vigor2865 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2866 | - | All | All | All |
| Operating System | Draytek | Vigor2866 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2925 | - | All | All | All |
| Operating System | Draytek | Vigor2925 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2926 | - | All | All | All |
| Operating System | Draytek | Vigor2926 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor2927 | - | All | All | All |
| Operating System | Draytek | Vigor2927 Firmware | All | All | All | All |
| Operating System | Draytek | Vigor2962 Firmware | All | All | All | All |
| Hardware | Draytek | Vigor3912 | - | All | All | All |
| Operating System | Draytek | Vigor3912 Firmware | All | All | All | All |
| Hardware | Draytek | Vigorlte200 | - | All | All | All |
| Operating System | Draytek | Vigorlte200 Firmware | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-r... | [email protected] | medium.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.