CVE-2024-51139
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk57th percentile - higher than 57% of all known CVEs
Summary
A buffer overflow vulnerability exists in multiple Vigor routers in the CGI parser when handling the "Content-Length" header of HTTP POST requests. This allows a remote attacker to execute arbitrary code on the device.
Risk Assessment
An attacker can take control of the router, leading to breach of network confidentiality and integrity, and potentially spreading the attack to other devices on the local network.
Recommendation
Immediately update the firmware of affected Vigor routers to the latest version available from the vendor. If updating is not possible, restrict management interface access to trusted IP addresses only.
Original NVD description (English source)
Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.

