Expired

Security Advisory: Buffer Overflow

Expired

Models Affected: See table below

Priority: Critical

Action Required: Check firmware version on units and upgrade immediately

On October 9th, 2024, we identified multiple buffer overflow vulnerabilities and have promptly addressed them with critical security enhancements. To protect your system, we strongly recommend upgrading the firmware to at least from the listed version.

  • CVE-2024-51138: TR069 STUN server buffer overflow.
  • CVE-2024–51139: CGI POST integer overflow.

Firmware versions including fixes for the vulnerabilities were released around Nov 2024 (depending on model), but we are publishing this advisory to encourage users to check the firmware version they are running. Please check here to download, and upgrade the firmware per model as soon as possible to ensure the security of your system.

If you have not already upgraded, update your firmware immediately. Before doing the upgrade, take a backup of your current config in case you need to restore it later [System Maintenance] > [Config Backup]. Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware, then please check the release notes carefully for any upgrading instructions.

Model Firmware
Vigor 2620Ln 3.9.9.1 or later
Vigor 2135ax 4.4.5.5 or later
Vigor 2762 Series 3.9.9.2 or later
Vigor 2765 Series 4.4.5.5 or later
Vigor 2766 Series 4.4.5.5 or later
Vigor 2832 Series 3.9.9.2 or later
Vigor 2860 Series 3.9.8.3 or later
Vigor 2862 Series 3.9.9.8 or later
Vigor 2865 Series 4.4.5.8 or later
Vigor 2866 Series 4.4.5.8 or later
Vigor 2925 Series 3.9.8.3 or later
Vigor 2926 Series 3.9.9.8 or later
Vigor 2927 Series 4.4.5.8 or later
Vigor 2962 4.3.2.9 or later (Stable branch)
Vigor 2962 4.4.3.2 or later (Mainline branch)
Vigor 3910 4.3.2.9 or later (Stable branch)
Vigor 3910 4.4.3.2 or later (Mainline branch)
Vigor 3912 4.4.3.2 or later

We sincerely appreciate the Faraday Security Research team for their efforts in security testing and timely reporting the vulnerability, which help enhance our security measures.