Buffer Overflow Vulnerability in DrayTek Routers
CVE-2024-51139

Currently unrated

Key Information:

Vendor: DrayTek
Status: DrayTek Routers
Vendor: CVE Published:; 27 February 2025

Summary

A buffer overflow vulnerability exists in several DrayTek routers that allows remote attackers to execute arbitrary code. This issue is triggered through the CGI parser when it improperly handles the 'Content-Length' header in HTTP POST requests. Exploitation of this vulnerability could lead to unauthorized access and control over affected devices, making it crucial for users to apply security updates and mitigate risks.

References

http://draytek.com

https://medium.com/faraday/advisory-multiple-vulnerabilit...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Oct 28, 2024