CVE-2024-51139 (GCVE-0-2024-51139)
Vulnerability from cvelistv5
Published
2025-02-27 00:00
Modified
2025-02-28 17:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://draytek.com | Product | |
| cve@mitre.org | https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946 | Third Party Advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T16:59:54.401854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T17:23:14.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser\u0027s handling of the \"Content-Length\" header of HTTP POST requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:47:37.278Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://draytek.com"
},
{
"url": "https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51139",
"datePublished": "2025-02-27T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2025-02-28T17:23:14.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-51139\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-02-27T21:15:37.123\",\"lastModified\":\"2025-05-28T16:23:26.310\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser\u0027s handling of the \\\"Content-Length\\\" header of HTTP POST requests.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de desbordamiento de b\u00fafer en Vigor2620/LTE200 3.9.8.9 y anteriores y Vigor2860/2925 3.9.8 y anteriores y Vigor2862/2926 3.9.9.5 y anteriores y Vigor2133/2762/2832 3.9.9 y anteriores y Vigor165/166 4.2.7 y anteriores y Vigor2135/2765/2766 4.4.5.1 y anteriores y Vigor2865/2866/2927 4.4.5.3 y anteriores y Vigor2962/3910 4.3.2.8/4.4.3.1 y anteriores y Vigor3912 4.3.6.1 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la gesti\u00f3n del analizador CGI de \\\"Content-Length\\\". encabezado de solicitudes HTTP POST.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2620_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.9.1\",\"matchCriteriaId\":\"5485DD5C-12A3-4289-8196-43FFB3DF8B06\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D98663B-F2F5-4ADC-9FD5-75846890EEBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigorlte200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.9.1\",\"matchCriteriaId\":\"80EC4363-A351-4117-96CE-1F8B4748FCAC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigorlte200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DBF2015-9315-44C8-A9FE-E86146F1958E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2860_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.8.3\",\"matchCriteriaId\":\"519DD534-4B4A-48A4-9C5D-FB197DC5C777\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2860:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"266C73DE-BFC6-4F3E-B022-559B3971CA44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2925_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.8.3\",\"matchCriteriaId\":\"FFCA64D1-9731-4990-AD61-F673D41716BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2925:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7536B29C-2030-4331-B8BF-D269D86D199B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2862_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.9.8\",\"matchCriteriaId\":\"2821747D-FDE2-47FA-B352-70F6FBE0473D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2862:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B01EDAE-BB9E-4431-BE8C-6505BA7CA42D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2926_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.9.8\",\"matchCriteriaId\":\"ADD3195E-BA40-40B3-AF13-64AFF4890EE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2926:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF1B117B-603D-493C-A804-C18ED332A221\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2133_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.9.2\",\"matchCriteriaId\":\"F53804E7-59F0-4328-A732-9A14EB076E87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2133:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1878E59C-FB40-435D-940A-8952C56FA88B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2762_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.9.2\",\"matchCriteriaId\":\"42C4DE6D-EE26-4445-8F57-0DCEC311A6A2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2762:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3873B2B9-95C1-4F00-9165-7C4D2A90CDE5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2832_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.9.2\",\"matchCriteriaId\":\"FC78800A-438E-4B67-B3A5-F18D10F5D9B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2832:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0978465-D59F-4C0A-A29F-5D7BE58BA557\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2135_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5.5\",\"matchCriteriaId\":\"5CBCFE34-3027-4DBB-9214-4CC891865F25\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2135:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEDC8A7F-08CF-44D2-A9A5-A1353AF35B45\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2765_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5.5\",\"matchCriteriaId\":\"162BD269-E656-4A91-9E8C-A5E26A646B2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2765:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60657812-D3A8-4B1B-B7BE-F629991CB053\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2766_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5.5\",\"matchCriteriaId\":\"9695AA4E-EC4A-4F02-BFCD-5308CBE19510\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2766:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AB3C84-67CA-4531-85FB-1A56F3C93ABF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2763_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5.5\",\"matchCriteriaId\":\"7ECD7087-34D5-4841-97D1-B9F361327016\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2763:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EA9DF5D-6651-455A-9305-C42C0FF51F01\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2865_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5.8\",\"matchCriteriaId\":\"45D6CD9B-5252-4541-9745-3F4E4D0C5C82\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2865:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"871448C6-9183-4828-A287-05F5EC6A44F6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2866_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5.8\",\"matchCriteriaId\":\"F40A5ACD-BC60-4C97-BF7D-6B609A1D99E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2866:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D0D2760-739F-4C79-AEDC-8B2CCCA2FF53\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2927_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5.8\",\"matchCriteriaId\":\"74715D2C-FDF6-4882-A57A-327014FCC1CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2927:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12460F51-25AB-4EA9-BC43-9CE8DA992D75\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.2.9\",\"matchCriteriaId\":\"093FCEE3-FEAA-4DA5-AD20-206D3822C63F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2962_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.3\",\"versionEndExcluding\":\"4.4.3.2\",\"matchCriteriaId\":\"94AD7401-FE5B-4E5F-9469-DEDB101C6990\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2962:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD0C9A21-7CFE-452F-8505-834AB8579D9B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.2.9\",\"matchCriteriaId\":\"529BDB13-03F3-4EF4-A15C-4EF2467DF5AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor3910_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.3\",\"versionEndExcluding\":\"4.4.3.2\",\"matchCriteriaId\":\"6F18DFF3-93B4-462C-908E-99C243EFFA2F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor3910:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"894E4DDA-D9BE-441D-B447-B1CE52959347\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor3912_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.3.2\",\"matchCriteriaId\":\"6AD4EA0F-391C-4A2E-B5CD-0D0689C36F20\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor3912:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282E5318-DAA8-4AA2-8E7D-4B8BD9162153\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2915_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.5\",\"matchCriteriaId\":\"A876E867-03E8-470E-A830-C0C5FBCCB257\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2915:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5860CBE4-328E-418D-9E81-1D3AF7DB8F2B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor1000b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.4.3.2\",\"matchCriteriaId\":\"B75C80CA-401A-4228-98F9-D27E529DC32D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor1000b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FF86645-253A-4BA3-BA2A-2725575C390D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor2952_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.8.5\",\"matchCriteriaId\":\"F39C5A58-E6F1-4BA5-B321-7EA78F8DC7A6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor2952:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"167336E2-AAA8-4424-AB07-2D7C9E1542B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:draytek:vigor3220_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.9.8.5\",\"matchCriteriaId\":\"85DA10A6-CA24-4D03-B4DC-CC9A33D7E22D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:draytek:vigor3220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64955940-3998-4B76-92D1-D9F3FAB874B4\"}]}]}],\"references\":[{\"url\":\"http://draytek.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-02-27T20:47:37.278Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser\u0027s handling of the \\\"Content-Length\\\" header of HTTP POST requests.\"}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"version\": \"n/a\", \"status\": \"affected\"}]}], \"references\": [{\"url\": \"http://draytek.com\"}, {\"url\": \"https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946\"}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"text\", \"lang\": \"en\", \"description\": \"n/a\"}]}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-51139\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-28T16:59:54.401854Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-28T17:23:11.150Z\"}}]}",
"cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2024-51139\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"assignerShortName\": \"mitre\", \"dateUpdated\": \"2025-02-28T17:23:14.780Z\", \"dateReserved\": \"2024-10-28T00:00:00.000Z\", \"datePublished\": \"2025-02-27T00:00:00.000Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…