Buffer Overflow Vulnerability in DrayTek Routers
CVE-2024-51138

9.8CRITICAL

Key Information:

Vendor: DrayTek
Status: DrayTek Routers
Vendor: CVE Published:; 27 February 2025

Badges

👾 Exploit Exists📰 News Worthy

Summary

A stack-based buffer overflow vulnerability has been discovered in the URL parsing functionality of the TR069 STUN server within various DrayTek routers. This flaw is due to inadequate bounds checking on URL parameters, potentially leading to an attacker executing arbitrary code with elevated privileges by sending a specially crafted request. This severity underscores the necessity for immediate patching to safeguard affected devices.

News Articles

CVE-2024-51138 CVE-2024-51139

Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks

highlight systemic risks in widely used SOHO routers due to outdated firmware, weak authentication mechanisms, and insecure update processes.

thmubnail image

References

http://draytek.com

https://medium.com/faraday/advisory-multiple-vulnerabilit...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Mar 7, 2025
📰
First article discovered by GBHackers News
Mar 7, 2025
Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Oct 28, 2024

.

CVE-2024-51138 : Buffer Overflow Vulnerability in DrayTek Routers | SecurityVulnerability.io