CVE-2024-51138

CRITICAL

DrayTek Vigor Routers - Stack-based Buffer Overflow in TR069 STUN Server URL Parsing

Title source: llm

Description

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.

References (2)

Core 2

Core References

Product

http://draytek.com

Third Party Advisory

https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946

Scores

CVSS v3 9.8

EPSS 0.0114

EPSS Percentile 62.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Products (23)

draytek/vigor1000b_firmware < 4.4.3.2

draytek/vigor2133_firmware < 3.9.9.2

draytek/vigor2135_firmware < 4.4.5.5

draytek/vigor2620_firmware < 3.9.9.1

draytek/vigor2762_firmware < 3.9.9.2

draytek/vigor2763_firmware < 4.4.5.5

draytek/vigor2765_firmware < 4.4.5.5

draytek/vigor2766_firmware < 4.4.5.5

draytek/vigor2832_firmware < 3.9.9.2

draytek/vigor2860_firmware < 3.9.8.3

... and 13 more

Published Feb 27, 2025

Tracked Since Feb 18, 2026