Vulnerability identifier: #VU106350
Vulnerability risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID: CWE-190
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Hardware solutions / Routers & switches, VoIP, GSM, etc
Vigor2620 LTE
VigorLTE 200n
Vigor2133
Vigor2135
Vigor2762
Vigor2765
Vigor2766
Vigor2832
Vigor2860
Vigor2860 LTE
Vigor2862
Vigor2862 LTE
Vigor2865
Vigor2865 LTE
Vigor2865L-5G
Vigor2866
Vigor2866 LTE
Vigor2915
Vigor2925
Vigor2925 LTE
Vigor2926
Vigor2926 LTE
Vigor2927
Vigor2927 LTE
Vigor2927L-5G
Vigor2952
Vigor2952P
Vigor2962
Vigor3220
Vigor3910
Vigor3912
Vendor: DrayTek Corp.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the CGI parser's handling of the "Content-Length" header of HTTP POST requests. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Vigor2620 LTE: before 3.9.9.1
VigorLTE 200n: before 3.9.9.1
Vigor2133: before 3.9.9.2
Vigor2135: before 4.4.5.5
Vigor2762: before 3.9.9.2
Vigor2765: before 4.4.5.5
Vigor2766: before 4.4.5.5
Vigor2832: before 3.9.9.2
Vigor2860: before 3.9.8.3
Vigor2860 LTE: before 3.9.8.3
Vigor2862: before 3.9.9.8
Vigor2862 LTE: before 3.9.9.8
Vigor2865: before 4.4.5.8
Vigor2865 LTE: before 4.4.5.8
Vigor2865L-5G: before 4.4.5.8
Vigor2866: before 4.4.5.8
Vigor2866 LTE: before 4.4.5.8
Vigor2915: before 4.4.5
Vigor2925: before 3.9.8.3
Vigor2925 LTE: before 3.9.8.3
Vigor2926: before 3.9.9.8
Vigor2926 LTE: before 3.9.9.8
Vigor2927: before 4.4.5.8
Vigor2927 LTE: before 4.4.5.8
Vigor2927L-5G: before 4.4.5.8
Vigor2952: before 3.9.8.5
Vigor2952P: before 3.9.8.5
Vigor2962: before 4.3.2.9
Vigor3220: before 3.9.8.5
Vigor3910: before 4.3.2.9
Vigor3912: before 4.3.6.2
External links
https://draytek.com
https://medium.com/faraday/advisory-multiple-vulnerabilities-affecting-draytek-routers-78a6cb8b3946
https://www.draytek.com/about/security-advisory/buffer-overflow-vulnerabilities-(cve-2024-51138-cve-...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.