DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup.`
This Cyber News was published on www.tenable.com. Publication date: Tue, 05 Nov 2024 17:16:03 +0000