CVE-2024-48153

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Oct 14, 2024 / Updated: 36d ago

CVSS 9.8 | EPSS 0.04% | Critical

Summary

DrayTek Vigor3900 version 1.5.1.3 contains a vulnerability that allows attackers to inject malicious commands into the mainfunction.cgi file and execute arbitrary commands by calling the get_subconfig function. This is a command injection vulnerability, classified under CWE-77 (Improper Neutralization of Special Elements used in a Command).

Impact

The impact of this vulnerability is severe. Attackers can execute arbitrary commands on the affected system, potentially leading to complete system compromise. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical), with high impacts on confidentiality, integrity, and availability. The attack vector is network-based, requires no user interaction, and can be exploited without any privileges, making it particularly dangerous. Potential impacts include unauthorized access to sensitive data, system modification or destruction, and service disruption.

Exploitation

There is no evidence that a public proof-of-concept exists, and there is currently no evidence of exploitation.

Patch

As of the current information provided, there is no mention of an available patch for this vulnerability. The security team should closely monitor DrayTek's official channels for any security updates or patches addressing this specific issue in Vigor3900 version 1.5.1.3.

Mitigation

While waiting for an official patch, the security team should consider the following mitigation strategies:

1. Network Segmentation: Isolate affected DrayTek Vigor3900 devices in a separate network segment with restricted access.
2. Access Control: Implement strict access controls to limit who can reach the device's management interface.
3. Firewall Rules: Configure firewall rules to restrict incoming traffic to the affected devices, especially from untrusted networks.
4. Monitoring: Implement enhanced monitoring for any suspicious activities or command executions on these devices.
5. Regular Security Audits: Conduct frequent security audits to detect any signs of compromise or unusual behavior.
6. Consider Replacement: If possible, consider replacing the affected devices with alternative, non-vulnerable networking equipment until a patch is available.
7. Disable Unnecessary Services: If feasible, disable any unnecessary services or functions on the affected devices to reduce the attack surface.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment: NVD published the first details for CVE-2024-48153. (Oct 14, 2024 at 4:15 PM)

First Article: Feedly found the first article mentioning CVE-2024-48153. (Oct 14, 2024 at 4:24 PM / National Vulnerability Database)

CVSS Estimate: Feedly estimated the CVSS score as HIGH. (Oct 14, 2024 at 4:24 PM)

EPSS: EPSS Score was set to: 0.04% (Percentile: 9.7%). (Oct 15, 2024 at 10:16 AM)

CVSS: A CVSS base score of 9.8 has been assigned. (Oct 17, 2024 at 6:40 PM / nvd)

Affected Systems

Draytek/vigor3900_firmware

Attack Patterns

CAPEC-136: LDAP Injection

News

CVE-2024-48153
Critical Severity Description DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. Read more at https://www.tenable.com/cve/CVE-2024-48153
NA - CVE-2024-48153 - DrayTek Vigor3900 1.5.1.3 allows attackers to...
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.
CVE-2024-48153 | DrayTek Vigor3900 1.5.1.3 mainfunction.cgi get_subconfig command injection
A vulnerability, which was classified as critical, has been found in DrayTek Vigor3900 1.5.1.3. Affected by this issue is the function get_subconfig of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-48153. The attack needs to be initiated within the local network. There is no exploit available.
CVE-2024-48153
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig...
CVE-2024-48153 - DrayTek Vigor3900 Command Injection Vulnerability
CVE ID : CVE-2024-48153 Published : Oct. 14, 2024, 4:15 p.m. 21 minutes ago Description : DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. Severity: 0.0 NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
