9.8критическая
CVE-2024-51139
Описание
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.
Затрагиваемое ПО
Draytek Vigor2620 firmwareDraytek Vigor2620Draytek Vigorlte200 firmwareDraytek Vigorlte200Draytek Vigor2860 firmwareDraytek Vigor2860Draytek Vigor2925 firmwareDraytek Vigor2925Draytek Vigor2862 firmwareDraytek Vigor2862Draytek Vigor2926 firmwareDraytek Vigor2926Draytek Vigor2133 firmwareDraytek Vigor2133Draytek Vigor2762 firmwareDraytek Vigor2762Draytek Vigor2832 firmwareDraytek Vigor2832Draytek Vigor2135 firmwareDraytek Vigor2135Draytek Vigor2765 firmwareDraytek Vigor2765Draytek Vigor2766 firmwareDraytek Vigor2766Draytek Vigor2763 firmware
CVSS
| Балл | 9.8 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Источники
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946