CVE-2024-45893

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Nov 4, 2024

CWE ID 78

Summary

CVE-2024-45893 is a post-authentication command injection vulnerability affecting the DrayTek Vigor3900 with firmware version 1.5.1.3. The issue lies within the `mainfunction.cgi` script, specifically when the `action` parameter is set to `setSWMOption`. An attacker can exploit this vulnerability by injecting malicious commands, potentially leading to unauthorized system modifications or data exposure. Users are advised to update their firmware as soon as a patch is available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DrayTek Vigor 3900

Affected Vendors

DrayTek

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/yhn8wQ
https://www.cve.org/CVERecord?id=CVE-2024-45893
https://nvd.nist.gov/vuln/detail/CVE-2024-45893

Back to Vulnerability Database