Post-Authentication Command Injection Vulnerability in DrayTek Vigor3900 Router
CVE-2024-45885

Currently unrated

Key Information:

Vendor: DrayTek

Status
Vendor
CVE Published: 4 November 2024

What is CVE-2024-45885?

The DrayTek Vigor3900 router, specifically version 1.5.1.3, is vulnerable to post-authentication command injection. The flaw is reached when the action parameter of the cgi-bin/mainfunction.cgi script is manipulated to trigger the autodiscovery_clear function. Because the issue is post-authentication, an attacker must first authenticate to the device. Successful exploitation could allow the attacker to execute arbitrary commands on the affected device, potentially compromising its integrity and security. Users are advised to review the specific configurations and apply necessary security patches.


Timeline

  • Vulnerability published