CVE-2024-51139
CRITICALDescription
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.
Is your site exposed to CVE-2024-51139?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| draytek | vigor2620_firmware |
| draytek | vigor2620 |
| draytek | vigorlte200_firmware |
| draytek | vigorlte200 |
| draytek | vigor2860_firmware |
| draytek | vigor2860 |
| draytek | vigor2925_firmware |
| draytek | vigor2925 |
| draytek | vigor2862_firmware |
| draytek | vigor2862 |
| draytek | vigor2926_firmware |
| draytek | vigor2926 |
| draytek | vigor2133_firmware |
| draytek | vigor2133 |
| draytek | vigor2762_firmware |
| draytek | vigor2762 |
| draytek | vigor2832_firmware |
| draytek | vigor2832 |
| draytek | vigor2135_firmware |
| draytek | vigor2135 |
| draytek | vigor2765_firmware |
| draytek | vigor2765 |
| draytek | vigor2766_firmware |
| draytek | vigor2766 |
| draytek | vigor2763_firmware |
| draytek | vigor2763 |
| draytek | vigor2865_firmware |
| draytek | vigor2865 |
| draytek | vigor2866_firmware |
| draytek | vigor2866 |
| draytek | vigor2927_firmware |
| draytek | vigor2927 |
| draytek | vigor2962_firmware |
| draytek | vigor2962_firmware |
| draytek | vigor2962 |
| draytek | vigor3910_firmware |
| draytek | vigor3910_firmware |
| draytek | vigor3910 |
| draytek | vigor3912_firmware |
| draytek | vigor3912 |
| draytek | vigor2915_firmware |
| draytek | vigor2915 |
| draytek | vigor1000b_firmware |
| draytek | vigor1000b |
| draytek | vigor2952_firmware |
| draytek | vigor2952 |
| draytek | vigor3220_firmware |
| draytek | vigor3220 |
References
Frequently Asked Questions
What is CVE-2024-51139? +
How severe is CVE-2024-51139? +
What products are affected by CVE-2024-51139? +
How do I check if I'm vulnerable to CVE-2024-51139? +
Related Vulnerabilities
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain …
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM …
An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and …
The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” …
A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality …
Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer …