ID

VAR-202502-2174


CVE

CVE-2024-51138


TITLE

plural  DrayTek Corporation  Stack-based buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024494

DESCRIPTION

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. vigor3912 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-51138 // JVNDB: JVNDB-2024-024494

AFFECTED PRODUCTS

vendor:draytekmodel:vigor3910scope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigor2862scope:ltversion:3.9.9.8

Trust: 1.0

vendor:draytekmodel:vigor2962scope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigor2765scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor2620scope:ltversion:3.9.9.1

Trust: 1.0

vendor:draytekmodel:vigor2832scope:ltversion:3.9.9.2

Trust: 1.0

vendor:draytekmodel:vigor1000bscope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigor2763scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor2766scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor3910scope:gteversion:4.4.3

Trust: 1.0

vendor:draytekmodel:vigor3910scope:ltversion:4.3.2.9

Trust: 1.0

vendor:draytekmodel:vigor2915scope:ltversion:4.4.5

Trust: 1.0

vendor:draytekmodel:vigor2135scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor2927scope:ltversion:4.4.5.8

Trust: 1.0

vendor:draytekmodel:vigor2962scope:gteversion:4.4.3

Trust: 1.0

vendor:draytekmodel:vigor3220scope:ltversion:3.9.8.5

Trust: 1.0

vendor:draytekmodel:vigor2860scope:ltversion:3.9.8.3

Trust: 1.0

vendor:draytekmodel:vigor2962scope:ltversion:4.3.2.9

Trust: 1.0

vendor:draytekmodel:vigor2865scope:ltversion:4.4.5.8

Trust: 1.0

vendor:draytekmodel:vigor3912scope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigor2952scope:ltversion:3.9.8.5

Trust: 1.0

vendor:draytekmodel:vigorlte200scope:ltversion:3.9.9.1

Trust: 1.0

vendor:draytekmodel:vigor2925scope:ltversion:3.9.8.3

Trust: 1.0

vendor:draytekmodel:vigor2133scope:ltversion:3.9.9.2

Trust: 1.0

vendor:draytekmodel:vigor2866scope:ltversion:4.4.5.8

Trust: 1.0

vendor:draytekmodel:vigor2926scope:ltversion:3.9.9.8

Trust: 1.0

vendor:draytekmodel:vigor2762scope:ltversion:3.9.9.2

Trust: 1.0

vendor:draytekmodel:vigor2620scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2135scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2926scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2860scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2962scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2762scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2766scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2765scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2862scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2832scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2865scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2927scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigorlte200scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2763scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor3910scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor3912scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2133scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2866scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2925scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-51138
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-024494
value: CRITICAL

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-51138
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024494
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

EXTERNAL IDS

db:NVDid:CVE-2024-51138

Trust: 2.6

db:JVNDBid:JVNDB-2024-024494

Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

REFERENCES

url:http://draytek.com

Trust: 1.8

url:https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-51138

Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

SOURCES

db:JVNDBid:JVNDB-2024-024494
db:NVDid:CVE-2024-51138

LAST UPDATE DATE

2025-06-06T23:33:03.729000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-024494date:2025-06-02T08:34:00
db:NVDid:CVE-2024-51138date:2025-05-28T16:41:26.460

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-024494date:2025-06-02T00:00:00
db:NVDid:CVE-2024-51138date:2025-02-27T21:15:37.023