CVE-2024-45888

CVSS 3.1 Score 8 of 10 (high)

Details

Published Nov 4, 2024
CWE ID 78

Summary

CVE-2024-45888 is a newly identified command injection vulnerability affecting the DrayTek Vigor3900 router with firmware version 1.5.1.3. The issue arises in the `cgi-bin/mainfunction.cgi` script when the `action` parameter is set to `set_ap_map_config`. An attacker can exploit this vulnerability to inject and execute arbitrary commands on the affected device, potentially leading to serious security consequences, including data theft or unauthorized access. Users should promptly update their firmware to the latest version to mitigate this risk.


Affected Products

  • DrayTek Vigor 3900

Affected Vendors

  • DrayTek