CVE Catalog

CVE-2024-51139

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.95%

57th percentile - higher than 57% of all known CVEs

Summary

A buffer overflow vulnerability exists in multiple Vigor routers in the CGI parser when handling the "Content-Length" header of HTTP POST requests. This allows a remote attacker to execute arbitrary code on the device.

Risk Assessment

An attacker can take control of the router, leading to breach of network confidentiality and integrity, and potentially spreading the attack to other devices on the local network.

Recommendation

Immediately update the firmware of affected Vigor routers to the latest version available from the vendor. If updating is not possible, restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS