Lucene search

K
nvd[email protected]NVD:CVE-2024-51255
HistoryOct 31, 2024 - 4:15 p.m.

CVE-2024-51255

2024-10-3116:15:06
CWE-77
web.nvd.nist.gov
3
draytek vigor3900
command injection
mainfunction.cgi
arbitrary commands
ruequest_certificate
cve-2024-51255

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.9%

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.9%

Related for NVD:CVE-2024-51255