CVE-2024-51299

vigor3900_firmware vulnerability - draytek

High CVSS Score: 8.8 Published: 2024-10-30

Description

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the dumpSyslog function.

Affected Systems

Vendor	draytek
Product	vigor3900_firmware
Affected Versions	1.5.1.3; -
CWE ID	CWE-77

Mitigation

Apply the latest security patches from the vendor, restrict network exposure where applicable, and monitor for exploitation attempts.

Fix Instructions

Refer to the vendor advisory and apply the latest security updates. See references for detailed patching instructions.

References

https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/...

Risk Assessment

CVSS: 8.8/10

Exploit Available	Unknown
Patch Available	Unknown

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Related Vulnerabilities

high

CVE-2024-41340

vigor165_firmware...

high

CVE-2024-41339

vigor165_firmware...

high

CVE-2024-41334

vigor166_firmware...

critical

CVE-2024-51139

vigor2620_firmware...

critical

CVE-2024-51138

vigor3912_firmware...

high

CVE-2024-51254

vigor3900_firmware...

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring