CVE-2024-51138

EPSS 0.93%
Veröffentlicht 27.02.2025 21:15:37
Zuletzt bearbeitet 28.05.2025 16:41:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Draytek ≫ Vigor3912 Firmware Version < 4.4.3.2

Draytek ≫ Vigor3912 Version-

Draytek ≫ Vigor2620 Firmware Version < 3.9.9.1

Draytek ≫ Vigor2620 Version-

Draytek ≫ Vigorlte200 Firmware Version < 3.9.9.1

Draytek ≫ Vigorlte200 Version-

Draytek ≫ Vigor2860 Firmware Version < 3.9.8.3

Draytek ≫ Vigor2860 Version-

Draytek ≫ Vigor2925 Firmware Version < 3.9.8.3

Draytek ≫ Vigor2925 Version-

Draytek ≫ Vigor2862 Firmware Version < 3.9.9.8

Draytek ≫ Vigor2862 Version-

Draytek ≫ Vigor2926 Firmware Version < 3.9.9.8

Draytek ≫ Vigor2926 Version-

Draytek ≫ Vigor2133 Firmware Version < 3.9.9.2

Draytek ≫ Vigor2133 Version-

Draytek ≫ Vigor2762 Firmware Version < 3.9.9.2

Draytek ≫ Vigor2762 Version-

Draytek ≫ Vigor2832 Firmware Version < 3.9.9.2

Draytek ≫ Vigor2832 Version-

Draytek ≫ Vigor2135 Firmware Version < 4.4.5.5

Draytek ≫ Vigor2135 Version-

Draytek ≫ Vigor2765 Firmware Version < 4.4.5.5

Draytek ≫ Vigor2765 Version-

Draytek ≫ Vigor2766 Firmware Version < 4.4.5.5

Draytek ≫ Vigor2766 Version-

Draytek ≫ Vigor2763 Firmware Version < 4.4.5.5

Draytek ≫ Vigor2763 Version-

Draytek ≫ Vigor2865 Firmware Version < 4.4.5.8

Draytek ≫ Vigor2865 Version-

Draytek ≫ Vigor2866 Firmware Version < 4.4.5.8

Draytek ≫ Vigor2866 Version-

Draytek ≫ Vigor2927 Firmware Version < 4.4.5.8

Draytek ≫ Vigor2927 Version-

Draytek ≫ Vigor2962 Firmware Version < 4.3.2.9

Draytek ≫ Vigor2962 Version-

Draytek ≫ Vigor2962 Firmware Version >= 4.4.3 < 4.4.3.2

Draytek ≫ Vigor2962 Version-

Draytek ≫ Vigor3910 Firmware Version < 4.3.2.9

Draytek ≫ Vigor3910 Version-

Draytek ≫ Vigor3910 Firmware Version >= 4.4.3 < 4.4.3.2

Draytek ≫ Vigor3910 Version-

Draytek ≫ Vigor2915 Firmware Version < 4.4.5

Draytek ≫ Vigor2915 Version-

Draytek ≫ Vigor1000b Firmware Version < 4.4.3.2

Draytek ≫ Vigor1000b Version-

Draytek ≫ Vigor2952 Firmware Version < 3.9.8.5

Draytek ≫ Vigor2952 Version-

Draytek ≫ Vigor3220 Firmware Version < 3.9.8.5

Draytek ≫ Vigor3220 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.93%	0.757

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://draytek.com

Product

https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-51138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51138

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-51138