Vulnerability Details CVE-2024-45887
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN.`
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.1%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2024-45887
-
cpe:2.3:h:draytek:vigor3900:-
-
cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3