← Back

CVE-2024-51139

nvd nist
Published: Feb 27, 2025Modified: May 28, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.

Affected (25)

Draytek
23 products
Vigor2620 Firmware
Vigorlte200 Firmware
Vigor2860 Firmware
Vigor2925 Firmware
Vigor2862 Firmware
Vigor2926 Firmware
Vigor2133 Firmware
Vigor2762 Firmware
Vigor2832 Firmware
Vigor2135 Firmware
Vigor2765 Firmware
Vigor2766 Firmware
Vigor2763 Firmware
Vigor2865 Firmware
Vigor2866 Firmware
Vigor2927 Firmware
Vigor2962 Firmware
Vigor3910 Firmware
Vigor3912 Firmware
Vigor2915 Firmware
Vigor1000b Firmware
Vigor2952 Firmware
Vigor3220 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2620 Firmware
Before 3.9.9.1
Running on/withPlatform Versions
Draytek
Vigor2620
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigorlte200 Firmware
Before 3.9.9.1
Running on/withPlatform Versions
Draytek
Vigorlte200
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2860 Firmware
Before 3.9.8.3
Running on/withPlatform Versions
Draytek
Vigor2860
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2925 Firmware
Before 3.9.8.3
Running on/withPlatform Versions
Draytek
Vigor2925
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2862 Firmware
Before 3.9.9.8
Running on/withPlatform Versions
Draytek
Vigor2862
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2926 Firmware
Before 3.9.9.8
Running on/withPlatform Versions
Draytek
Vigor2926
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2133 Firmware
Before 3.9.9.2
Running on/withPlatform Versions
Draytek
Vigor2133
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2762 Firmware
Before 3.9.9.2
Running on/withPlatform Versions
Draytek
Vigor2762
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2832 Firmware
Before 3.9.9.2
Running on/withPlatform Versions
Draytek
Vigor2832
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2135 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2135
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2765 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2765
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2766 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2766
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2763 Firmware
Before 4.4.5.5
Running on/withPlatform Versions
Draytek
Vigor2763
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2865 Firmware
Before 4.4.5.8
Running on/withPlatform Versions
Draytek
Vigor2865
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2866 Firmware
Before 4.4.5.8
Running on/withPlatform Versions
Draytek
Vigor2866
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2927 Firmware
Before 4.4.5.8
Running on/withPlatform Versions
Draytek
Vigor2927
All versions
Configuration Q
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Draytek
Vigor2962 Firmware
Before 4.3.2.9
Vigor2962 Firmware
From 4.4.3 to 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor2962
All versions
Configuration R
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Draytek
Vigor3910 Firmware
Before 4.3.2.9
Vigor3910 Firmware
From 4.4.3 to 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor3910
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor3912 Firmware
Before 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor3912
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2915 Firmware
Before 4.4.5
Running on/withPlatform Versions
Draytek
Vigor2915
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor1000b Firmware
Before 4.4.3.2
Running on/withPlatform Versions
Draytek
Vigor1000b
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor2952 Firmware
Before 3.9.8.5
Running on/withPlatform Versions
Draytek
Vigor2952
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vigor3220 Firmware
Before 3.9.8.5
Running on/withPlatform Versions
Draytek
Vigor3220
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Third Party Advisory

Timeline

No history available yet.