CVE-2024-46316 | Draytek Vigor3900 1.5.1.6 HTTP Message mainfunction.cgi sub_2C920 command injection

Inserito da Angelo Barbosa | Ott 9, 2024 | CVE

A vulnerability has been found in Draytek Vigor3900 1.5.1.6 and classified as critical. Affected by this vulnerability is the function sub_2C920 of the file /cgi-bin/mainfunction.cgi of the component HTTP Message Handler. The manipulation leads to command injection.

This vulnerability is known as CVE-2024-46316. The attack needs to be approached within the local network. There is no exploit available.

CVE-2024-46316 | Draytek Vigor3900 1.5.1.6 HTTP Message mainfunction.cgi sub_2C920 command injection

Post correlati

CVE-2023-52453 | Linux Kernel up to 6.6.13/6.7.1 hisi_acc_vfio_pci Privilege Escalation (45f80b2f230d/6bda81e24a35/be12ad45e15b)

CVE-2023-39509 | Bosch Camera command injection

CVE-2023-3517 | Hitachi Vantara Pentaho Data Integration & Analytics prior 9.3.0.5/9.5.0.1 JNDI Identifier resource injection

CVE-2024-35635 | WPManageNinja Ninja Tables Plugin up to 5.0.9 on WordPress server-side request forgery