CVE-2024-51249

CVSS 3.1 Score 8 of 10 (high)

Details

Published Nov 4, 2024
CWE ID 78

Summary

CVE-2024-51249 is a newly discovered command injection vulnerability affecting the DrayTek Vigor3900 running firmware version 1.5.1.3. It lets attackers inject malicious commands through the mainfunction.cgi file and execute arbitrary commands on the system. The vulnerability is exploited by manipulating the input to the reboot function, which allows the attacker to bypass normal authentication procedures, potentially leading to serious security consequences. System administrators are strongly advised to update their DrayTek Vigor3900 devices to the latest firmware version as soon as possible to mitigate this risk.

Affected Products

  • DrayTek Vigor 3900

Affected Vendors

  • DrayTek