Vulnerability Details CVE-2024-45890
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.1%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2024-45890
-
cpe:2.3:h:draytek:vigor3900:-
-
cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3