Is CVE-2024-51138 actively exploited?

CVE-2024-51138 has no public evidence of in-the-wild exploitation as of 2025-05-28.

What is the CVSS score for CVE-2024-51138?

CVE-2024-51138 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-51138?

Patch guidance is available from draytek security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-51138.

Fix CVE-2024-51138 - CRITICAL draytek vigor3912 firmware

Q: Which products are affected by CVE-2024-51138?

25 products: draytek vigor3912 firmware, draytek vigor2620 firmware, draytek vigorlte200 firmware, draytek vigor2860 firmware, draytek vigor2925 firmware, and 20 more.

Description

Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the amount of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-121

Metadata

Primary Vendor: DRAYTEK
Published: 2/27/2025
Last Modified: 5/28/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

draytek : vigor3912_firmwaredraytek : vigor2620_firmwaredraytek : vigorlte200_firmwaredraytek : vigor2860_firmwaredraytek : vigor2925_firmwaredraytek : vigor2862_firmwaredraytek : vigor2926_firmwaredraytek : vigor2133_firmwaredraytek : vigor2762_firmwaredraytek : vigor2832_firmwaredraytek : vigor2135_firmwaredraytek : vigor2765_firmwaredraytek : vigor2766_firmwaredraytek : vigor2763_firmwaredraytek : vigor2865_firmwaredraytek : vigor2866_firmwaredraytek : vigor2927_firmwaredraytek : vigor2962_firmwaredraytek : vigor2962_firmwaredraytek : vigor3910_firmwaredraytek : vigor3910_firmwaredraytek : vigor2915_firmwaredraytek : vigor1000b_firmwaredraytek : vigor2952_firmwaredraytek : vigor3220_firmware

Remediation Guidance

Executive Summary

View on NIST NVD