CVE-2024-48074
CVE-2024-48074
Vexday Risk Score
43Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 Oct 2024Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a