ГлавнаяУязвимости → CVE-2024-51138
9.8критическая

CVE-2024-51138

Описание

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.

Затрагиваемое ПО
Draytek Vigor3912 firmwareDraytek Vigor3912Draytek Vigor2620 firmwareDraytek Vigor2620Draytek Vigorlte200 firmwareDraytek Vigorlte200Draytek Vigor2860 firmwareDraytek Vigor2860Draytek Vigor2925 firmwareDraytek Vigor2925Draytek Vigor2862 firmwareDraytek Vigor2862Draytek Vigor2926 firmwareDraytek Vigor2926Draytek Vigor2133 firmwareDraytek Vigor2133Draytek Vigor2762 firmwareDraytek Vigor2762Draytek Vigor2832 firmwareDraytek Vigor2832Draytek Vigor2135 firmwareDraytek Vigor2135Draytek Vigor2765 firmwareDraytek Vigor2765Draytek Vigor2766 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946