CVE-2024-45889 is a command injection vulnerability identified in the DrayTek Vigor3900 router firmware version 1.5.1.3. The vulnerability arises from improper input validation of the 'action' parameter in the CGI script located at cgi-bin/mainfunction.cgi. When this parameter is set to 'commandTable', an authenticated attacker with low privileges can inject arbitrary operating system commands, leading to full compromise of the device. This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS v3.1 base score is 8.0, reflecting high severity with attack vector as adjacent network (AV:A), low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N). The impact covers confidentiality, integrity, and availability, allowing attackers to execute commands that could exfiltrate data, alter configurations, or disrupt device operations. No patches or exploits are currently publicly available, but the vulnerability is published and should be considered a critical risk for affected organizations. The flaw requires authentication, but since only low privileges are needed, attackers who gain limited access can escalate their control significantly.

The vulnerability allows attackers to execute arbitrary commands on affected DrayTek Vigor3900 routers, potentially leading to full device compromise. This can result in unauthorized access to sensitive network data, manipulation or disruption of network traffic, and denial of service conditions. Organizations relying on these routers for critical network infrastructure could face data breaches, operational outages, and lateral movement opportunities for attackers within internal networks. The high severity score indicates a broad impact on confidentiality, integrity, and availability. Since the attack requires only low-level authentication, insider threats or attackers who compromise credentials through phishing or other means could exploit this vulnerability. The lack of known exploits in the wild currently limits immediate widespread impact, but the risk of future exploitation remains high, especially in environments with weak access controls.

1. Immediately restrict access to the management interface of DrayTek Vigor3900 routers to trusted IP addresses and networks only, preferably via VPN or secure management channels. 2. Enforce strong authentication mechanisms and regularly rotate credentials to reduce the risk of credential compromise. 3. Monitor router logs and network traffic for unusual command execution patterns or unauthorized access attempts targeting the cgi-bin/mainfunction.cgi endpoint. 4. Disable or limit the use of the vulnerable CGI functionality if possible through configuration changes until a vendor patch is available. 5. Engage with DrayTek support to obtain information on patches or firmware updates addressing CVE-2024-45889 and apply updates promptly once released. 6. Conduct regular security assessments and penetration tests focusing on router management interfaces to detect similar vulnerabilities. 7. Implement network segmentation to isolate critical infrastructure and limit the impact of compromised devices. 8. Educate network administrators about this vulnerability and the importance of vigilant access control and monitoring.