Command Injection Vulnerability in DrayTek Vigor3900 by DrayTek
CVE-2024-51249

Currently unrated

Key Information:

Vendor: DrayTek
Status
Vendor
CVE Published: 4 November 2024

Summary

DrayTek Vigor3900 version 1.5.1.3 contains a command injection vulnerability in the mainfunction.cgi interface. An attacker can execute arbitrary commands by invoking a reboot function, potentially compromising the system's integrity and allowing unauthorized access. This issue poses significant risks to users and requires immediate attention to mitigate potential attacks.

Timeline

  • Vulnerability published
