Volerion logoVolerion
Volerion logoVolerion

DrayTek Routers Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in several DrayTek router models, including the Vigor2620/LTE200, Vigor2860/2925, Vigor2862/2926, Vigor2133/2762/2832, Vigor165/166, Vigor2135/2765/2766, Vigor2865/2866/2927, Vigor2962/3910, and Vigor3912. The vulnerability exists in specific firmware versions, with the affected models and their corresponding vulnerable versions detailed in the advisory. The issue arises in the CGI parser's management of the 'Content-Length' header in HTTP POST requests, enabling remote attackers to execute arbitrary code on the affected devices.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected router models.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
7.5
exploitability
7.0
remediation
0.0
relevance
0.0
threat
0.1
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.