EIP-2026-101121

This writeup details a privilege escalation vulnerability in DrayTek Vigor 3900 firmware 1.06, where any user can gain root shell access via the 'sh draytekv3900' command due to improper BusyBox shell restrictions. The author demonstrates the issue by logging in as a limited user and executing the command to obtain a root shell.