CVE-2024-44844: n/a
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
AI Analysis
Technical Summary
CVE-2024-44844 is a critical security vulnerability affecting DrayTek Vigor3900 routers running firmware version 1.5.1.6. The issue is an authenticated command injection via the 'name' parameter in the run_command function, classified under CWE-77 (Improper Neutralization of Special Elements used in a Command). An attacker with valid credentials can inject arbitrary commands that the system executes with elevated privileges, potentially leading to complete device compromise. The vulnerability has a CVSS 3.1 base score of 8.0, indicating high severity: adjacent-network attack vector (AV:A), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). This means the attacker must already hold some level of authenticated access, but once obtained, they can fully control the device. The flaw could allow attackers to disrupt network operations, exfiltrate sensitive data, or pivot into internal networks. No public exploit code is currently known, but the vulnerability is publicly disclosed and should be considered a high risk. The lack of available patches at the time of disclosure increases the urgency of mitigation through access restrictions and monitoring. DrayTek Vigor3900 devices are commonly used in enterprise and ISP environments, making this vulnerability relevant to organizations relying on these routers for secure network infrastructure.
Potential Impact
The impact of CVE-2024-44844 is significant for organizations using DrayTek Vigor3900 routers. Successful exploitation can lead to full compromise of the router, allowing attackers to execute arbitrary commands with elevated privileges. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, disruption of network services, and potential lateral movement to other critical systems. Confidentiality is at risk as attackers could exfiltrate sensitive data passing through or stored on the device. Integrity and availability are also threatened since attackers can alter configurations or cause denial of service. Given the router’s role as a network gateway, the vulnerability could undermine the security posture of entire organizations, especially those with limited network segmentation. The requirement for authentication limits exposure to some extent, but insider threats or compromised credentials could enable exploitation. The absence of known public exploits currently reduces immediate widespread attacks but does not eliminate the risk, especially as threat actors often develop exploits rapidly after disclosure.
Mitigation Recommendations
Organizations should immediately restrict administrative access to DrayTek Vigor3900 routers to trusted personnel and secure management interfaces using strong authentication methods such as multi-factor authentication. Network segmentation should be enforced to limit access to router management interfaces from untrusted networks. Monitoring and logging of administrative activities should be enhanced to detect suspicious command execution attempts. Until official patches are released by DrayTek, consider deploying compensating controls such as disabling unnecessary services or interfaces that could be leveraged for exploitation. Regularly check for firmware updates from DrayTek and apply them promptly once available. Conduct internal audits to ensure no unauthorized accounts or weak credentials exist on these devices. Additionally, implement network intrusion detection systems (NIDS) tuned to detect anomalous command injection patterns or unusual traffic flows associated with compromised routers. Finally, educate administrators about the risks of credential compromise and enforce strict password policies.
Affected Countries
United States, United Kingdom, Germany, Australia, Japan, Singapore, Taiwan, South Korea, India, France
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-08-21T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6ce6b7ef31ef0b569fbd
Added to database: 2/25/2026, 9:43:02 PM
Last enriched: 2/28/2026, 6:48:41 AM
Last updated: 4/12/2026, 2:03:28 AM