EIP-2026-101121

PRE-CVE

Draytek Vigor 3900 1.06 - Local Privilege Escalation

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101121. PoCs published by Mohammad abou hayt.

AI-analyzed exploit summary This writeup details a privilege escalation vulnerability in DrayTek Vigor 3900 firmware 1.06, where any user can gain root shell access via the 'sh draytekv3900' command due to improper BusyBox shell restrictions. The author demonstrates the issue by logging in as a limited user and executing the command to obtain a root shell.

Description

Draytek Vigor 3900 1.06 - Local Privilege Escalation

Exploits (1)

exploitdb WRITEUP
by Mohammad abou hayt · textlocalhardware
https://www.exploit-db.com/exploits/24899

This writeup details a privilege escalation vulnerability in DrayTek Vigor 3900 firmware 1.06, where any user can gain root shell access via the 'sh draytekv3900' command due to improper BusyBox shell restrictions. The author demonstrates the issue by logging in as a limited user and executing the command to obtain a root shell.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: DrayTek Vigor 3900 firmware 1.06
Auth required
Prerequisites: Access to the device via SSH with any user credentials
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026