In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Draytek vigor3900
|
|
CPEs | cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:* | |
Vendors & Products |
Draytek vigor3900
|
Mon, 04 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Draytek
Draytek vigor3900 Firmware |
|
Weaknesses | CWE-78 | |
CPEs | cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:* | |
Vendors & Products |
Draytek
Draytek vigor3900 Firmware |
|
Metrics |
cvssV3_1
|
Fri, 01 Nov 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-01T00:00:00
Updated: 2024-11-04T17:04:44.600Z
Reserved: 2024-10-28T00:00:00
Link: CVE-2024-51245
Vulnrichment
Updated: 2024-11-04T16:51:12.321Z
NVD
Status : Analyzed
Published: 2024-11-01T17:15:18.237
Modified: 2024-11-05T19:28:18.903
Link: CVE-2024-51245
Redhat
No data.