PT-2024-8279 · Draytek · Draytek Vigor300B+2

Published 2024-08-29 · Updated 2024-11-05 · CVE-2024-45890

CVSS v3.1: 8.0 High

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DrayTek Vigor3900 version 1.5.1.3
DrayTek Vigor 2960 (affected versions not specified)
DrayTek Vigor 300B (affected versions not specified)

Description

The issue is a post-authentication command injection. It occurs when the action parameter of the cgi-bin/mainfunction.cgi endpoint is set to download_ovpn. The vulnerability in the set_ap_map_config() function of the mainfunction.cgi script is due to the lack of neutralization of < and & elements used in the operating system command when processing the action parameter. This allows a remote attacker to execute arbitrary commands.

Recommendations

For DrayTek Vigor3900 version 1.5.1.3, consider disabling the download_ovpn action in the cgi-bin/mainfunction.cgi endpoint until a patch is available. For DrayTek Vigor 2960 and DrayTek Vigor 300B, there is currently no information about a newer version that contains a fix for this vulnerability.
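
One way to apply the recommendation above at a reverse proxy placed in front of the management interface, as an added example that is not vendor or advisory code. Assumed here: the function names, that the proxy can see the form-encoded request body, and that the action value is spelled download_ovpn.

```python
from urllib.parse import parse_qs, unquote

# Assumptions (not from the advisory): the filter runs in a reverse proxy in
# front of the management interface and sees the request target and any
# form-encoded body; the action value is spelled "download_ovpn".
BLOCKED_ENDPOINT = "cgi-bin/mainfunction.cgi"
BLOCKED_ACTIONS = {"download_ovpn"}


def _actions(encoded: str) -> set:
    """Return every decoded, normalised 'action' value in a form-encoded string."""
    values = parse_qs(encoded, keep_blank_values=True).get("action", [])
    return {v.strip().lower() for v in values}


def should_block(target: str, body: str = "") -> bool:
    """True if the request asks mainfunction.cgi for a blocked action."""
    raw_path, _, query = target.partition("?")
    # Decode percent-escapes and drop empty or "." segments so variants such
    # as //cgi-bin/./mainfunction%2Ecgi still match the endpoint.
    segments = [s for s in unquote(raw_path).split("/") if s not in ("", ".")]
    if "/".join(segments).lower() != BLOCKED_ENDPOINT:
        return False
    # Check the query string and the body, and every repeated value: a
    # harmless first "action" must not hide a blocked second one.
    return bool((_actions(query) | _actions(body)) & BLOCKED_ACTIONS)


# Constructed sample requests (target, body); none come from a real device.
SAMPLES = [
    ("/cgi-bin/mainfunction.cgi", "action=download_ovpn"),
    ("/cgi-bin/mainfunction.cgi?action=download%5Fovpn", ""),
    ("//cgi-bin//mainfunction.cgi", "action=login&action=Download_OVPN"),
    ("/cgi-bin/mainfunction.cgi", "action=login"),
    ("/index.html", "action=download_ovpn"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        verdict = "BLOCK" if should_block(target, body) else "pass"
        print(f"{verdict:5}  {target}  {body}")
```

The filter only removes access to the one action named in the recommendation; it does not neutralize input on the device itself.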

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-09832
CVE-2024-45890

Affected Products

Draytek Vigor2960
Draytek Vigor300B
Draytek Vigor3900