Command Injection Vulnerability in Draytek Vigor3900 Router

CVE-2024-51253

Summary

A command injection vulnerability exists in the Draytek Vigor3900 router version 1.5.1.3, where attackers can exploit the mainfunction.cgi script. By targeting the doL2TP function, they can inject and execute arbitrary commands, compromising the integrity and security of the device. This vulnerability emphasizes the need for robust security measures and timely updates to safeguard against such attacks.

References