CVE-2024-51138

{"id": "CVE-2024-51138", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-02-27T21:15:37.023", "references": [{"url": "http://draytek.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la funcionalidad de an\u00e1lisis de URL del servidor STUN TR069. Vigor165/166 4.2.7 y anteriores; Vigor2620/LTE200 3.9.8.9 y anteriores; Vigor2860/2925 3.9.8 y anteriores; Vigor2862/2926 3.9.9.5 y anteriores; Vigor2133/2762/2832 3.9.9 y anteriores; Vigor2135/2765/2766 4.4.5. y anteriores; Vigor2865/2866/2927 4.4.5.3 y anteriores; Vigor2962 4.3.2.8 y anteriores; Vigor3912 4.3.6.1 y anteriores; Vigor3910 4.4.3.1 y anteriores se ha identificado una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la funcionalidad de an\u00e1lisis de URL del servidor STUN TR069. Esta falla se produce debido a una verificaci\u00f3n insuficiente de los l\u00edmites de la cantidad de par\u00e1metros de URL, lo que permite a un atacante aprovechar el desbordamiento mediante el env\u00edo de una solicitud manipulada con fines malintencionados. En consecuencia, un atacante remoto puede ejecutar c\u00f3digo arbitrario con privilegios elevados."}], "lastModified": "2025-05-28T16:41:26.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD4EA0F-391C-4A2E-B5CD-0D0689C36F20", "versionEndExcluding": "4.4.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "282E5318-DAA8-4AA2-8E7D-4B8BD9162153"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5485DD5C-12A3-4289-8196-43FFB3DF8B06", "versionEndExcluding": "3.9.9.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D98663B-F2F5-4ADC-9FD5-75846890EEBA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80EC4363-A351-4117-96CE-1F8B4748FCAC", "versionEndExcluding": "3.9.9.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4DBF2015-9315-44C8-A9FE-E86146F1958E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "519DD534-4B4A-48A4-9C5D-FB197DC5C777", "versionEndExcluding": "3.9.8.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "266C73DE-BFC6-4F3E-B022-559B3971CA44"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFCA64D1-9731-4990-AD61-F673D41716BE", "versionEndExcluding": "3.9.8.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7536B29C-2030-4331-B8BF-D269D86D199B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2821747D-FDE2-47FA-B352-70F6FBE0473D", "versionEndExcluding": "3.9.9.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADD3195E-BA40-40B3-AF13-64AFF4890EE4", "versionEndExcluding": "3.9.9.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF1B117B-603D-493C-A804-C18ED332A221"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F53804E7-59F0-4328-A732-9A14EB076E87", "versionEndExcluding": "3.9.9.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1878E59C-FB40-435D-940A-8952C56FA88B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C4DE6D-EE26-4445-8F57-0DCEC311A6A2", "versionEndExcluding": "3.9.9.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3873B2B9-95C1-4F00-9165-7C4D2A90CDE5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC78800A-438E-4B67-B3A5-F18D10F5D9B5", "versionEndExcluding": "3.9.9.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0978465-D59F-4C0A-A29F-5D7BE58BA557"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CBCFE34-3027-4DBB-9214-4CC891865F25", "versionEndExcluding": "4.4.5.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "162BD269-E656-4A91-9E8C-A5E26A646B2D", "versionEndExcluding": "4.4.5.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60657812-D3A8-4B1B-B7BE-F629991CB053"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9695AA4E-EC4A-4F02-BFCD-5308CBE19510", "versionEndExcluding": "4.4.5.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0AB3C84-67CA-4531-85FB-1A56F3C93ABF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ECD7087-34D5-4841-97D1-B9F361327016", "versionEndExcluding": "4.4.5.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9EA9DF5D-6651-455A-9305-C42C0FF51F01"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D6CD9B-5252-4541-9745-3F4E4D0C5C82", "versionEndExcluding": "4.4.5.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "871448C6-9183-4828-A287-05F5EC6A44F6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F40A5ACD-BC60-4C97-BF7D-6B609A1D99E6", "versionEndExcluding": "4.4.5.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2927_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74715D2C-FDF6-4882-A57A-327014FCC1CB", "versionEndExcluding": "4.4.5.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2927:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12460F51-25AB-4EA9-BC43-9CE8DA992D75"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093FCEE3-FEAA-4DA5-AD20-206D3822C63F", "versionEndExcluding": "4.3.2.9"}, {"criteria": "cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94AD7401-FE5B-4E5F-9469-DEDB101C6990", "versionEndExcluding": "4.4.3.2", "versionStartIncluding": "4.4.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD0C9A21-7CFE-452F-8505-834AB8579D9B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "529BDB13-03F3-4EF4-A15C-4EF2467DF5AE", "versionEndExcluding": "4.3.2.9"}, {"criteria": "cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F18DFF3-93B4-462C-908E-99C243EFFA2F", "versionEndExcluding": "4.4.3.2", "versionStartIncluding": "4.4.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "894E4DDA-D9BE-441D-B447-B1CE52959347"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A876E867-03E8-470E-A830-C0C5FBCCB257", "versionEndExcluding": "4.4.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5860CBE4-328E-418D-9E81-1D3AF7DB8F2B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B75C80CA-401A-4228-98F9-D27E529DC32D", "versionEndExcluding": "4.4.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FF86645-253A-4BA3-BA2A-2725575C390D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39C5A58-E6F1-4BA5-B321-7EA78F8DC7A6", "versionEndExcluding": "3.9.8.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "167336E2-AAA8-4424-AB07-2D7C9E1542B3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85DA10A6-CA24-4D03-B4DC-CC9A33D7E22D", "versionEndExcluding": "3.9.8.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64955940-3998-4B76-92D1-D9F3FAB874B4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}