
CVE-2024-44845: n/a

0
High
Tags: Vulnerability, CVE-2024-44845, cve, cve-2024-44845
Published: Fri Sep 06 2024 (09/06/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/28/2026, 06:48:55 UTC

Technical Analysis

CVE-2024-44845 is an authenticated command injection vulnerability identified in the DrayTek Vigor3900 router firmware version 1.5.1.6. The vulnerability arises from improper sanitization of the 'value' parameter within the filter_string function, allowing an authenticated attacker with low privileges to inject and execute arbitrary system commands on the device. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that user-supplied input is not correctly filtered before being passed to system-level commands. The CVSS v3.1 base score is 8.0, reflecting high severity due to its impact on confidentiality, integrity, and availability (all rated high). The attack vector is adjacent network (AV:A), requiring the attacker to have some level of authenticated access (PR:L) but no user interaction (UI:N). The scope remains unchanged (S:U), meaning the vulnerability affects only the vulnerable component. Exploitation could allow attackers to execute arbitrary commands, potentially leading to full device compromise, interception or manipulation of network traffic, and disruption of network services. No public exploits or patches are currently available, emphasizing the need for proactive monitoring and mitigation. DrayTek Vigor3900 is commonly used in enterprise and ISP environments, making this vulnerability a significant risk for network infrastructure security.

Potential Impact

The impact of CVE-2024-44845 is substantial for organizations relying on DrayTek Vigor3900 routers. Successful exploitation can lead to complete compromise of the device, allowing attackers to execute arbitrary commands with the privileges of the router's operating system. This can result in unauthorized access to sensitive network traffic, manipulation or disruption of routing and firewall policies, and potential pivoting to internal networks. The confidentiality of data passing through the device can be breached, integrity of network configurations can be altered, and availability of network services can be disrupted or denied. Enterprises, service providers, and critical infrastructure operators using these devices face increased risk of targeted attacks, espionage, and service outages. The requirement for authenticated access somewhat limits the attack surface but does not eliminate risk, especially in environments with weak credential management or exposed management interfaces. The absence of known exploits in the wild currently reduces immediate threat but does not preclude future exploitation once exploit code becomes available.

Mitigation Recommendations

To mitigate CVE-2024-44845, organizations should implement the following specific measures:

1) Restrict access to the management interfaces of DrayTek Vigor3900 routers to trusted networks and IP addresses using firewall rules and network segmentation.
2) Enforce strong authentication mechanisms, including complex passwords and, if supported, multi-factor authentication to reduce the risk of credential compromise.
3) Monitor router logs and network traffic for unusual command execution patterns or unauthorized access attempts.
4) Disable or limit the use of vulnerable functions or features if possible until a patch is released.
5) Engage with DrayTek support channels to obtain information on forthcoming patches or firmware updates addressing this vulnerability.
6) Conduct regular vulnerability assessments and penetration tests focusing on network devices to identify potential exploitation attempts.
7) Educate network administrators about the risks of command injection vulnerabilities and the importance of secure device management.
8) Consider deploying intrusion detection/prevention systems (IDS/IPS) capable of detecting command injection attempts targeting network devices.

These steps go beyond generic advice by focusing on access control, monitoring, and proactive engagement with the vendor.
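Mitigation steps 3 and 8 call for watching for injection attempts. The sketch below is an added example, not DrayTek's code or part of the original record: it scans management-interface request logs for shell metacharacters in the `value` parameter. The log layout, the `/cgi-bin/example.cgi` path and the metacharacter set are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters a shell interprets specially; assumed never legitimate in 'value'.
SHELL_META = re.compile(r"[;&|`$<>\\\n\r(){}]")
MAX_DECODE_ROUNDS = 3  # bounded re-decoding so double-encoded input is normalised

# Assumed log layout: <ip> <user> "<METHOD> <url>" <status> "<form body>"
LOG_LINE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+)" (\d{3}) "(.*)"$')

def fully_decode(raw):
    """Percent-decode until the string stops changing (at most MAX_DECODE_ROUNDS)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def scan(lines):
    """Return (source_ip, user, decoded_value) for each suspicious 'value' parameter."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not treated as clean
        ip, user, _method, url, _status, body = m.groups()
        # parse_qsl splits on '&' before decoding, so an encoded %26 stays in its value
        params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
        params += parse_qsl(body, keep_blank_values=True)
        for name, val in params:
            if name != "value":
                continue
            decoded = fully_decode(val)
            if SHELL_META.search(decoded):
                findings.append((ip, user, decoded))
    return findings

# Constructed sample log lines (documentation addresses, hypothetical endpoint).
SAMPLE_LOG = [
    '192.0.2.10 admin "GET /cgi-bin/example.cgi?action=filter&value=lan1" 200 ""',
    '192.0.2.44 operator "POST /cgi-bin/example.cgi" 200 "action=filter&value=lan1%3Becho+test"',
    '192.0.2.44 operator "POST /cgi-bin/example.cgi" 200 "action=filter&value=lan1%2560echo%2560"',
    '192.0.2.10 admin "GET /cgi-bin/example.cgi?action=filter&value=wan-2_backup" 200 ""',
]

if __name__ == "__main__":
    for ip, user, value in scan(SAMPLE_LOG):
        print(f"ALERT src={ip} user={user} value={value!r}")
```

Because the vulnerability is authenticated, the account name on each alert matters as much as the source address: a hit from a low-privilege account is the pattern the CVSS vector (PR:L) describes.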


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-08-21T00:00:00.000Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 699f6ce6b7ef31ef0b569fc3

Added to database: 2/25/2026, 9:43:02 PM

Last enriched: 2/28/2026, 6:48:55 AM

Last updated: 4/12/2026, 7:52:23 AM

Views: 13
