Post-Authentication Command Injection in DrayTek Vigor3900 Appliance
CVE-2024-45887

Currently unrated

Key Information:

Vendor: DrayTek
Status: Vigor3900
Vendor: CVE Published:; 4 November 2024

What is CVE-2024-45887?

The DrayTek Vigor3900 version 1.5.1.3 is affected by a post-authentication command injection vulnerability. This security flaw arises when the 'action' parameter within the 'cgi-bin/mainfunction.cgi' script is configured to execute 'doOpenVPN'. Exploitation of this vulnerability could allow an unauthorized user to inject arbitrary commands, potentially compromising the device's integrity and functionality. It is recommended that users apply any available patches and implement security best practices to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/N1nEmAn/wp/blob/main/test_v.zip

https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor39...

Timeline

Vulnerability published
Nov 4, 2024

JSON

DrayTek

What is CVE-2024-45887?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.