CVE-2024-51253

CVSS 3.1 Score 8 of 10 (high)

Details

Published Nov 4, 2024

CWE ID 78

Summary

CVE-2024-51253 is a newly disclosed vulnerability affecting the Draytek Vigor3900 router running version 1.5.1.3. This issue allows attackers to inject malicious commands into the mainfunction.cgi file, ultimately executing arbitrary commands through the doL2TP function. By exploiting this flaw, unauthorized users can gain control over the affected device, potentially resulting in data theft, unauthorized access, or other malicious activities. Routers with this vulnerability should be updated to the latest firmware as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DrayTek Vigor 3900

Affected Vendors

DrayTek

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/z7Zhwi
https://www.cve.org/CVERecord?id=CVE-2024-51253
https://nvd.nist.gov/vuln/detail/CVE-2024-51253

Back to Vulnerability Database