CVE-2024-51139 — CRITICAL (9.8)

Q: How severe is CVE-2024-51139?

CVE-2024-51139 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-51139?

Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2620 Firmware, Draytek Vigor2620, Draytek Vigorlte200 Firmware, Draytek Vigorlte200, Draytek Vigor2860 Firmware.

Vulnerability Description

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Draytek	Vigor2620 Firmware	< 3.9.9.1
Draytek	Vigor2620	-
Draytek	Vigorlte200 Firmware	< 3.9.9.1
Draytek	Vigorlte200	-
Draytek	Vigor2860 Firmware	< 3.9.8.3
Draytek	Vigor2860	-
Draytek	Vigor2925 Firmware	< 3.9.8.3
Draytek	Vigor2925	-
Draytek	Vigor2862 Firmware	< 3.9.9.8
Draytek	Vigor2862	-
Draytek	Vigor2926 Firmware	< 3.9.9.8
Draytek	Vigor2926	-
Draytek	Vigor2133 Firmware	< 3.9.9.2
Draytek	Vigor2133	-
Draytek	Vigor2762 Firmware	< 3.9.9.2
Draytek	Vigor2762	-
Draytek	Vigor2832 Firmware	< 3.9.9.2
Draytek	Vigor2832	-
Draytek	Vigor2135 Firmware	< 4.4.5.5
Draytek	Vigor2135	-

Related Weaknesses (CWE)

CWE-120

References

http://draytek.comProduct
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-rThird Party Advisory

FAQ

What is CVE-2024-51139?

CVE-2024-51139 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165...

How severe is CVE-2024-51139?

CVE-2024-51139 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-51139?

Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2620 Firmware, Draytek Vigor2620, Draytek Vigorlte200 Firmware, Draytek Vigorlte200, Draytek Vigor2860 Firmware.