TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2024-51138

CRITICAL
9.8

Beschreibung

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/27/2025
Zuletzt geandert5/28/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

draytek:vigor1000bdraytek:vigor1000b_firmwaredraytek:vigor2133draytek:vigor2133_firmwaredraytek:vigor2135draytek:vigor2135_firmwaredraytek:vigor2620draytek:vigor2620_firmwaredraytek:vigor2762draytek:vigor2762_firmwaredraytek:vigor2763draytek:vigor2763_firmwaredraytek:vigor2765draytek:vigor2765_firmwaredraytek:vigor2766draytek:vigor2766_firmwaredraytek:vigor2832draytek:vigor2832_firmwaredraytek:vigor2860draytek:vigor2860_firmwaredraytek:vigor2862draytek:vigor2862_firmwaredraytek:vigor2865draytek:vigor2865_firmwaredraytek:vigor2866draytek:vigor2866_firmwaredraytek:vigor2915draytek:vigor2915_firmwaredraytek:vigor2925draytek:vigor2925_firmwaredraytek:vigor2926draytek:vigor2926_firmwaredraytek:vigor2927draytek:vigor2927_firmwaredraytek:vigor2952draytek:vigor2952_firmwaredraytek:vigor2962draytek:vigor2962_firmwaredraytek:vigor3220draytek:vigor3220_firmwaredraytek:vigor3910draytek:vigor3910_firmwaredraytek:vigor3912draytek:vigor3912_firmwaredraytek:vigorlte200draytek:vigorlte200_firmware

Schwachen (CWE)

CWE-121

Referenzen

http://draytek.com(cve@mitre.org)
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.