Command Injection Vulnerability in DrayTek Vigor Routers
CVE-2024-43027

Currently unrated

Key Information:

Vendor: DrayTek

CVE Published: 21 August 2024

What is CVE-2024-43027?

The DrayTek Vigor series, including models 3900, 2960, and 300B, suffers from a command injection vulnerability in the action parameter of cgi-bin/mainfunction.cgi. This flaw allows attackers to execute arbitrary commands on the affected devices, posing a significant risk to network integrity and confidentiality. Organizations using these routers should upgrade to version v1.5.1.5_Beta or later to mitigate potential exploits.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
