ID

VAR-202502-3527


CVE

CVE-2024-51139


TITLE

plural  DrayTek Corporation  Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2024-024338

DESCRIPTION

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests. vigor2620 firmware, vigorlte200 firmware, vigor2860 firmware etc. DrayTek Corporation The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-51139 // JVNDB: JVNDB-2024-024338

AFFECTED PRODUCTS

vendor:draytekmodel:vigor1000bscope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigor2926scope:ltversion:3.9.9.8

Trust: 1.0

vendor:draytekmodel:vigor2862scope:ltversion:3.9.9.8

Trust: 1.0

vendor:draytekmodel:vigor2133scope:ltversion:3.9.9.2

Trust: 1.0

vendor:draytekmodel:vigor2765scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor2865scope:ltversion:4.4.5.8

Trust: 1.0

vendor:draytekmodel:vigor2927scope:ltversion:4.4.5.8

Trust: 1.0

vendor:draytekmodel:vigor3910scope:gteversion:4.4.3

Trust: 1.0

vendor:draytekmodel:vigor2962scope:gteversion:4.4.3

Trust: 1.0

vendor:draytekmodel:vigor2763scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor2766scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor3912scope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigor2832scope:ltversion:3.9.9.2

Trust: 1.0

vendor:draytekmodel:vigor2860scope:ltversion:3.9.8.3

Trust: 1.0

vendor:draytekmodel:vigor2762scope:ltversion:3.9.9.2

Trust: 1.0

vendor:draytekmodel:vigor2962scope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigorlte200scope:ltversion:3.9.9.1

Trust: 1.0

vendor:draytekmodel:vigor2135scope:ltversion:4.4.5.5

Trust: 1.0

vendor:draytekmodel:vigor2925scope:ltversion:3.9.8.3

Trust: 1.0

vendor:draytekmodel:vigor2962scope:ltversion:4.3.2.9

Trust: 1.0

vendor:draytekmodel:vigor2866scope:ltversion:4.4.5.8

Trust: 1.0

vendor:draytekmodel:vigor2620scope:ltversion:3.9.9.1

Trust: 1.0

vendor:draytekmodel:vigor3910scope:ltversion:4.4.3.2

Trust: 1.0

vendor:draytekmodel:vigor2915scope:ltversion:4.4.5

Trust: 1.0

vendor:draytekmodel:vigor3220scope:ltversion:3.9.8.5

Trust: 1.0

vendor:draytekmodel:vigor3910scope:ltversion:4.3.2.9

Trust: 1.0

vendor:draytekmodel:vigor2952scope:ltversion:3.9.8.5

Trust: 1.0

vendor:draytekmodel:vigor2862scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2927scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2133scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2763scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2925scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2135scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2620scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2765scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2866scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2962scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2766scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor3910scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2860scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2926scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2832scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigorlte200scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2762scope: - version: -

Trust: 0.8

vendor:draytekmodel:vigor2865scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-024338 // NVD: CVE-2024-51139

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-51139
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-024338
value: CRITICAL

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-51139
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024338
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-024338 // NVD: CVE-2024-51139

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024338 // NVD: CVE-2024-51139

EXTERNAL IDS

db:NVDid:CVE-2024-51139

Trust: 2.6

db:JVNDBid:JVNDB-2024-024338

Trust: 0.8

sources: JVNDB: JVNDB-2024-024338 // NVD: CVE-2024-51139

REFERENCES

url:http://draytek.com

Trust: 1.8

url:https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-51139

Trust: 0.8

sources: JVNDB: JVNDB-2024-024338 // NVD: CVE-2024-51139

SOURCES

db:JVNDBid:JVNDB-2024-024338
db:NVDid:CVE-2024-51139

LAST UPDATE DATE

2025-05-30T23:29:21.699000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-024338date:2025-05-29T05:34:00
db:NVDid:CVE-2024-51139date:2025-05-28T16:23:26.310

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-024338date:2025-05-29T00:00:00
db:NVDid:CVE-2024-51139date:2025-02-27T21:15:37.123