PT-2025-9024 · Draytek · Vigor2866+19

Published: 2025-02-27 · Updated: 2025-05-28 · CVE-2024-51138

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Vigor165/166 versions 4.2.7 and earlier
Vigor2620/LTE200 versions 3.9.8.9 and earlier
Vigor2860/2925 versions 3.9.8 and earlier
Vigor2862/2926 versions 3.9.9.5 and earlier
Vigor2133/2762/2832 versions 3.9.9 and earlier
Vigor2135/2765/2766 versions 4.4.5 and earlier
Vigor2865/2866/2927 versions 4.4.5.3 and earlier
Vigor2962 versions 4.3.2.8 and earlier
Vigor3912 versions 4.3.6.1 and earlier
Vigor3910 versions 4.4.3.1 and earlier
Description

A stack-based buffer overflow has been identified in the URL parsing functionality of the TR069 STUN server. The flaw is caused by insufficient bounds checking on the number of URL parameters, so a maliciously crafted request can overflow the stack buffer. As a result, a remote attacker can execute arbitrary code with elevated privileges.
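As an added illustration of the bug class described above (a hypothetical query-string parser, not DrayTek's code, whose internals this advisory does not show), the hardened form keeps the parameter-count check whose absence turns a long query into a stack-based overflow:

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical query-string parser (not DrayTek's code) showing the bug
 * class: each "key=value" pair of a URL query is copied into a fixed-size
 * array in the caller's frame. Without the parameter-count check marked
 * below, a query with more than MAX_PARAMS pairs writes past params[],
 * i.e. a stack-based buffer overflow. */

#define MAX_PARAMS 8
#define MAX_PARAM_LEN 32

struct url_param {
    char key[MAX_PARAM_LEN];
    char value[MAX_PARAM_LEN];
};

/* Parses "a=1&b=2&..." into params[MAX_PARAMS]. Returns the number of pairs
 * stored, or -1 if either bound would be exceeded (reject, never truncate). */
int parse_query_params(const char *query, struct url_param *params)
{
    int count = 0;
    const char *p = query;
    while (*p != '\0') {
        const char *amp = strchr(p, '&');
        size_t pair_len = amp ? (size_t)(amp - p) : strlen(p);
        const char *eq = memchr(p, '=', pair_len);
        size_t key_len = eq ? (size_t)(eq - p) : pair_len;
        size_t val_len = eq ? pair_len - key_len - 1 : 0;

        /* Count check: its absence is what lets a long query overflow. */
        if (count >= MAX_PARAMS)
            return -1;
        /* Length checks, reserving one byte for the terminating NUL. */
        if (key_len >= MAX_PARAM_LEN || val_len >= MAX_PARAM_LEN)
            return -1;

        memcpy(params[count].key, p, key_len);
        params[count].key[key_len] = '\0';
        memcpy(params[count].value, eq ? eq + 1 : p + key_len, val_len);
        params[count].value[val_len] = '\0';
        count++;

        if (amp == NULL)
            break;
        p = amp + 1;
    }
    return count;
}
```

A request carrying more pairs than the array holds is refused outright rather than partially parsed, which is the behaviour a fixed firmware should exhibit and a useful thing to probe for when validating a patch in a lab.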
Recommendations

For Vigor165/166 versions 4.2.7 and earlier, update to a version later than 4.2.7.
For Vigor2620/LTE200 versions 3.9.8.9 and earlier, update to a version later than 3.9.8.9.
For Vigor2860/2925 versions 3.9.8 and earlier, update to a version later than 3.9.8.
For Vigor2862/2926 versions 3.9.9.5 and earlier, update to a version later than 3.9.9.5.
For Vigor2133/2762/2832 versions 3.9.9 and earlier, update to a version later than 3.9.9.
For Vigor2135/2765/2766 versions 4.4.5 and earlier, update to a version later than 4.4.5.
For Vigor2865/2866/2927 versions 4.4.5.3 and earlier, update to a version later than 4.4.5.3.
For Vigor2962 versions 4.3.2.8 and earlier, update to a version later than 4.3.2.8.
For Vigor3912 versions 4.3.6.1 and earlier, update to a version later than 4.3.6.1.
For Vigor3910 versions 4.4.3.1 and earlier, update to a version later than 4.4.3.1.

Weakness Enumeration: Stack Overflow

Related Identifiers: CVE-2024-51138

Affected Products

Lte200
Vigor165
Vigor166
Vigor2133
Vigor2135
Vigor2620
Vigor2762
Vigor2765
Vigor2766
Vigor2832
Vigor2860
Vigor2862
Vigor2865
Vigor2866
Vigor2925
Vigor2926
Vigor2927
Vigor2962
Vigor3910
Vigor3912