← Back

CVE-2024-51138

nvd nist
Published: Feb 27, 2025Modified: May 28, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.

Affected (25)

Draytek
23 products
Vigor3912 Firmware
Vigor2620 Firmware
Vigorlte200 Firmware
Vigor2860 Firmware
Vigor2925 Firmware
Vigor2862 Firmware
Vigor2926 Firmware
Vigor2133 Firmware
Vigor2762 Firmware
Vigor2832 Firmware
Vigor2135 Firmware
Vigor2765 Firmware
Vigor2766 Firmware
Vigor2763 Firmware
Vigor2865 Firmware
Vigor2866 Firmware
Vigor2927 Firmware
Vigor2962 Firmware
Vigor3910 Firmware
Vigor2915 Firmware
Vigor1000b Firmware
Vigor2952 Firmware
Vigor3220 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor3912 Firmware
Before 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor3912
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2620 Firmware
Before 3.9.9.1
Running on/withPlatform Versions
Draytek
Vigor2620
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigorlte200 Firmware
Before 3.9.9.1
Running on/withPlatform Versions
Draytek
Vigorlte200
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2860 Firmware
Before 3.9.8.3
Running on/withPlatform Versions
Draytek
Vigor2860
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2925 Firmware
Before 3.9.8.3
Running on/withPlatform Versions
Draytek
Vigor2925
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2862 Firmware
Before 3.9.9.8
Running on/withPlatform Versions
Draytek
Vigor2862
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2926 Firmware
Before 3.9.9.8
Running on/withPlatform Versions
Draytek
Vigor2926
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2133 Firmware
Before 3.9.9.2
Running on/withPlatform Versions
Draytek
Vigor2133
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2762 Firmware
Before 3.9.9.2
Running on/withPlatform Versions
Draytek
Vigor2762
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2832 Firmware
Before 3.9.9.2
Running on/withPlatform Versions
Draytek
Vigor2832
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2135 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2135
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2765 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2765
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2766 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2766
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2763 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2763
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2865 Firmware
Before 4.4.5.8
Running on/withPlatform Versions
Draytek
Vigor2865
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2866 Firmware
Before 4.4.5.8
Running on/withPlatform Versions
Draytek
Vigor2866
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2927 Firmware
Before 4.4.5.8
Running on/withPlatform Versions
Draytek
Vigor2927
All versions
Configuration R
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Draytek
Vigor2962 Firmware
Before 4.3.2.9
Vigor2962 Firmware
From 4.4.3 to 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor2962
All versions
Configuration S
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Draytek
Vigor3910 Firmware
Before 4.3.2.9
Vigor3910 Firmware
From 4.4.3 to 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor3910
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2915 Firmware
Before 4.4.5
Running on/withPlatform Versions
Draytek
Vigor2915
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor1000b Firmware
Before 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor1000b
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2952 Firmware
Before 3.9.8.5
Running on/withPlatform Versions
Draytek
Vigor2952
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor3220 Firmware
Before 3.9.8.5
Running on/withPlatform Versions
Draytek
Vigor3220
All versions

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (2)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Third Party Advisory

Timeline

No history available yet.