Details of VAR-202502-2174

ID

VAR-202502-2174

CVE

CVE-2024-51138

TITLE

plural DrayTek Corporation Stack-based buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024494

DESCRIPTION

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. vigor3912 firmware, vigor2620 firmware, vigorlte200 firmware etc. DrayTek Corporation The product contains a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-51138 // JVNDB: JVNDB-2024-024494

AFFECTED PRODUCTS

vendor:	draytek	model:	vigor3910	scope:	lt	version:	4.4.3.2	Trust: 1.0
vendor:	draytek	model:	vigor2862	scope:	lt	version:	3.9.9.8	Trust: 1.0
vendor:	draytek	model:	vigor2962	scope:	lt	version:	4.4.3.2	Trust: 1.0
vendor:	draytek	model:	vigor2765	scope:	lt	version:	4.4.5.5	Trust: 1.0
vendor:	draytek	model:	vigor2620	scope:	lt	version:	3.9.9.1	Trust: 1.0
vendor:	draytek	model:	vigor2832	scope:	lt	version:	3.9.9.2	Trust: 1.0
vendor:	draytek	model:	vigor1000b	scope:	lt	version:	4.4.3.2	Trust: 1.0
vendor:	draytek	model:	vigor2763	scope:	lt	version:	4.4.5.5	Trust: 1.0
vendor:	draytek	model:	vigor2766	scope:	lt	version:	4.4.5.5	Trust: 1.0
vendor:	draytek	model:	vigor3910	scope:	gte	version:	4.4.3	Trust: 1.0
vendor:	draytek	model:	vigor3910	scope:	lt	version:	4.3.2.9	Trust: 1.0
vendor:	draytek	model:	vigor2915	scope:	lt	version:	4.4.5	Trust: 1.0
vendor:	draytek	model:	vigor2135	scope:	lt	version:	4.4.5.5	Trust: 1.0
vendor:	draytek	model:	vigor2927	scope:	lt	version:	4.4.5.8	Trust: 1.0
vendor:	draytek	model:	vigor2962	scope:	gte	version:	4.4.3	Trust: 1.0
vendor:	draytek	model:	vigor3220	scope:	lt	version:	3.9.8.5	Trust: 1.0
vendor:	draytek	model:	vigor2860	scope:	lt	version:	3.9.8.3	Trust: 1.0
vendor:	draytek	model:	vigor2962	scope:	lt	version:	4.3.2.9	Trust: 1.0
vendor:	draytek	model:	vigor2865	scope:	lt	version:	4.4.5.8	Trust: 1.0
vendor:	draytek	model:	vigor3912	scope:	lt	version:	4.4.3.2	Trust: 1.0
vendor:	draytek	model:	vigor2952	scope:	lt	version:	3.9.8.5	Trust: 1.0
vendor:	draytek	model:	vigorlte200	scope:	lt	version:	3.9.9.1	Trust: 1.0
vendor:	draytek	model:	vigor2925	scope:	lt	version:	3.9.8.3	Trust: 1.0
vendor:	draytek	model:	vigor2133	scope:	lt	version:	3.9.9.2	Trust: 1.0
vendor:	draytek	model:	vigor2866	scope:	lt	version:	4.4.5.8	Trust: 1.0
vendor:	draytek	model:	vigor2926	scope:	lt	version:	3.9.9.8	Trust: 1.0
vendor:	draytek	model:	vigor2762	scope:	lt	version:	3.9.9.2	Trust: 1.0
vendor:	draytek	model:	vigor2620	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2135	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2926	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2860	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2962	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2762	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2766	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2765	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2862	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2832	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2865	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2927	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigorlte200	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2763	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor3910	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor3912	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2133	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2866	scope:	-	version:	-	Trust: 0.8
vendor:	draytek	model:	vigor2925	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-51138
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2024-024494
value:	CRITICAL
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-51138
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-024494
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

EXTERNAL IDS

db:	NVD	id:	CVE-2024-51138	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-024494	Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

REFERENCES

url:	http://draytek.com	Trust: 1.8
url:	https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-51138	Trust: 0.8

sources: JVNDB: JVNDB-2024-024494 // NVD: CVE-2024-51138

SOURCES

db:	JVNDB	id:	JVNDB-2024-024494
db:	NVD	id:	CVE-2024-51138

LAST UPDATE DATE

2025-06-06T23:33:03.729000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-024494	date:	2025-06-02T08:34:00
db:	NVD	id:	CVE-2024-51138	date:	2025-05-28T16:41:26.460

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-024494	date:	2025-06-02T00:00:00
db:	NVD	id:	CVE-2024-51138	date:	2025-02-27T21:15:37.023