Remote Command Injection in DrayTek Vigor3900 by DrayTek
CVE-2024-51251
Currently unrated
Summary
DrayTek Vigor3900 version 1.5.1.3 contains a command injection vulnerability in the mainfunction.cgi script, reachable through the backup function. This could enable unauthorized users to execute arbitrary commands, potentially leading to a compromise of the device and the network it manages.
Timeline
Vulnerability published