Buffer Overflow Vulnerability in DrayTek Routers
CVE-2024-51138
Currently unrated
Summary
A stack-based buffer overflow vulnerability has been discovered in the URL parsing functionality of the TR069 STUN server within various DrayTek routers. The flaw stems from inadequate bounds checking on URL parameters and could allow an attacker to execute arbitrary code with elevated privileges by sending a specially crafted request. Given this potential impact, affected devices should be patched immediately.
Timeline
Vulnerability published
Vulnerability Reserved