CVE-2024-51300

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Draytek Vigor3900 version 1.5.1.3

Description The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get rrd function.

Recommendations For Draytek Vigor3900 version 1.5.1.3, consider restricting access to the mainfunction.cgi endpoint and the get rrd function until a patch is available.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2024-51300

Affected Products

Draytek Vigor3900

CVE-2024-51300

Weakness Enumeration

Related Identifiers

Affected Products

References · 4