CVE-2024-43027 | Draytek Vigor 3900/Vigor 2960/Vigor 300B prior 1.5.1.5_Beta cgi-bin/mainfunction.cgi action command injection

Posted by Angelo Barbosa | Aug 21, 2024 | CVE

A vulnerability, which was classified as critical, was found in Draytek Vigor 3900, Vigor 2960 and Vigor 300B. This affects an unknown part of the file cgi-bin/mainfunction.cgi. The manipulation of the argument action leads to command injection.

This vulnerability is uniquely identified as CVE-2024-43027. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-43027 | Draytek Vigor 3900/Vigor 2960/Vigor 300B prior 1.5.1.5_Beta cgi-bin/mainfunction.cgi action command injection

Related Posts

CVE-2024-0796 | Active Products Tables for WooCommerce Plugin up to 1.0.6.1 on WordPress cross-site request forgery

CVE-2024-23290 | Apple watchOS access control

CVE-2024-7950 | WP Job Portal Plugin up to 2.1.6 on WordPress Setting authorization

CVE-2024-38506 | JetBrains YouTrack up to 2024.1.29548 Auto-attach Option authorization