Exploit
CVE-2024-51252

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Nov 1, 2024 / Updated: 18d ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

In Draytek Vigor3900 version 1.5.1.3, there is a vulnerability that allows attackers to inject malicious commands into the mainfunction.cgi file and execute arbitrary commands by calling the restore function. This is classified as an OS Command Injection vulnerability (CWE-78).

Impact

The impact of this vulnerability is severe. Attackers can execute arbitrary commands on the affected system, potentially leading to complete system compromise. With a CVSS v3.1 base score of 9.8 (Critical), this vulnerability has high impacts on confidentiality, integrity, and availability. The attack vector is network-based, requires no user interaction, and can be executed with no privileges, making it easily exploitable. Given these factors, the potential for unauthorized access, data theft, system manipulation, and service disruption is significant.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.

Patch

Based on the information available, no patch is mentioned for this vulnerability. The affected version is Draytek Vigor3900 firmware version 1.5.1.3, and no updated version has been specified.

Mitigation

While no specific patch is mentioned, the following mitigation strategies are recommended:

1. Implement strong network segmentation to limit access to the affected devices.
2. Use firewalls or access control lists to restrict access to the management interface of Draytek Vigor3900 devices.
3. Monitor for any suspicious activities or unauthorized access attempts.
4. Regularly check for and apply any security updates or patches released by Draytek.
5. If possible, consider temporarily disabling the affected functionality until a patch is available.
6. Implement input validation and sanitization mechanisms if managing these devices through custom interfaces.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-51252
Nov 1, 2024 at 6:15 PM

First Article
Feedly found the first article mentioning CVE-2024-51252.
Nov 1, 2024 at 6:24 PM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Nov 1, 2024 at 6:24 PM

EPSS
EPSS Score was set to: 0.04% (Percentile: 9.9%)
Nov 2, 2024 at 10:04 AM

CVSS
A CVSS base score of 8 has been assigned.
Nov 4, 2024 at 9:40 PM / nvd

CVSS
A CVSS base score of 9.8 has been assigned.
Nov 5, 2024 at 8:55 PM / nvd

Proof of Concept (PoC) Released
A proof of concept exploit has been released
Nov 5, 2024 at 10:10 PM
Affected Systems

Draytek/vigor3900_firmware

Exploits

https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

CVE-2024-51252 Exploit
CVE Id : CVE-2024-51252 Published Date: 2024-11-05T20:54:00+00:00 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. inTheWild added a link to an exploit: https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf
NA - CVE-2024-51252 - In Draytek Vigor3900 1.5.1.3, attackers can...
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
CVE-2024-51252 | Draytek Vigor 3900 1.5.1.3 mainfunction.cgi restore command injection
A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been declared as critical. Affected by this vulnerability is the function restore of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51252. The attack can be launched remotely. There is no exploit available.
CVE-2024-51252
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore...
CVE-2024-51252 - Draytek Vigor3900 Command Injection Vulnerability
CVE ID : CVE-2024-51252 Published : Nov. 1, 2024, 6:15 p.m. 52 minutes ago Description : In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. Severity: 0.0 NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
