CVE-2024-51260

Name of the Vulnerable Software and Affected Versions DrayTek Vigor3900 version 1.5.1.3

Description The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme process function. This enables attackers to potentially gain unauthorized access and control over the system.

Recommendations For DrayTek Vigor3900 version 1.5.1.3, consider disabling access to the mainfunction.cgi endpoint and restricting the use of the acme process function until a patch is available. Avoid using the acme process function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.