CVE-2024-45882 is a command injection vulnerability identified in the DrayTek Vigor3900 router firmware version 1.5.1.3. The vulnerability arises from improper sanitization of the 'action' parameter in the CGI script 'cgi-bin/mainfunction.cgi', specifically when the parameter is set to 'delete_map_profile'. This flaw allows an attacker with authenticated access and low privileges to inject arbitrary operating system commands, exploiting CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The vulnerability does not require user interaction and can be exploited remotely over the network, though authentication is required. The CVSS 3.1 base score is 8.0, reflecting high impact on confidentiality, integrity, and availability. Successful exploitation could enable attackers to execute arbitrary commands, potentially leading to full device compromise, disruption of network traffic, interception or manipulation of data, and lateral movement within the network. No patches or official fixes have been published at the time of disclosure, and no known exploits are currently active in the wild. The vulnerability was reserved on September 11, 2024, and published on November 4, 2024. Given the critical role of routers in network infrastructure, this vulnerability poses a significant threat to organizations relying on DrayTek Vigor3900 devices.

The impact of CVE-2024-45882 is substantial for organizations using DrayTek Vigor3900 routers. Exploitation can lead to complete compromise of the router, allowing attackers to execute arbitrary commands with the privileges of the affected service. This can result in unauthorized access to sensitive network traffic, interception or modification of data, disruption of network services, and potential pivoting to internal systems. The confidentiality of communications passing through the router can be compromised, integrity of routing and firewall rules can be altered, and availability of network connectivity can be disrupted. For enterprises, this could mean loss of critical business operations, data breaches, and exposure to further attacks. The requirement for authentication limits exploitation to insiders or attackers who have obtained valid credentials, but the low privilege requirement and lack of user interaction make it easier for attackers to leverage this vulnerability once authenticated. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, as proof-of-concept exploits may emerge rapidly after disclosure.

Organizations should immediately audit their DrayTek Vigor3900 devices to confirm firmware versions and restrict access to the management interface to trusted administrators only. Network segmentation should be enforced to limit exposure of the router's management interface to untrusted networks. Strong authentication mechanisms, including multi-factor authentication, should be implemented to reduce the risk of credential compromise. Monitoring and logging of administrative access and unusual command execution attempts on the router should be enhanced to detect potential exploitation attempts. Until an official patch is released by DrayTek, consider disabling or restricting access to the vulnerable CGI endpoint if possible, or applying firewall rules to block access to 'cgi-bin/mainfunction.cgi' from untrusted sources. Regularly check for firmware updates from DrayTek and apply patches promptly once available. Additionally, conduct penetration testing and vulnerability scanning focused on router management interfaces to identify and remediate similar issues proactively.