Command Injection Vulnerability in DrayTek Vigor3900 Router
CVE-2024-45882
Currently unrated
Summary
The DrayTek Vigor3900 router version 1.5.1.3 is susceptible to a command injection vulnerability triggered by improper handling of the action parameter in the cgi-bin/mainfunction.cgi script when set to delete_map_profile. Exploiting this vulnerability may allow an attacker to execute arbitrary commands on the router, potentially compromising the device and the network it's connected to. Administrators should take immediate steps to apply relevant security patches and mitigate risks associated with this vulnerability.
Timeline
Vulnerability published