CVE-2024-51139

high-risk

Published 2025-02-27

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.

Do I need to act?

5.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Vigor2620 Firmware

Vigorlte200 Firmware

Vigor2860 Firmware

Vigor2925 Firmware

Vigor2862 Firmware

Vigor2926 Firmware

Vigor2133 Firmware

Vigor2762 Firmware

Vigor2832 Firmware

Vigor2135 Firmware

Vigor2765 Firmware

Vigor2766 Firmware

Vigor2763 Firmware

Vigor2865 Firmware

Vigor2866 Firmware

Vigor2927 Firmware

Vigor2962 Firmware

Vigor3910 Firmware

Vigor3912 Firmware

Vigor2915 Firmware

Affected Vendors

Draytek

References (2)

Product http://draytek.com

Third Party Advisory https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-r...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 8/34 · Low

Exposure 21/34 · High