CVE-2024-51253

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Nov 4, 2024 / Updated: 15d ago

CVSS 8 / EPSS 0.04% / High

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-51253

Nov 4, 2024 at 2:15 PM

First Article

Feedly found the first article mentioning CVE-2024-51253.

Nov 4, 2024 at 2:21 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 4, 2024 at 2:21 PM

CVSS

A CVSS base score of 8 has been assigned.

Nov 4, 2024 at 5:41 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.6%)

Nov 5, 2024 at 10:05 AM

Affected Systems

Draytek/vigor3900_firmware

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection