CVE-2024-12987

systemtek-co-uk

CommandInjectioninapmcfguploadendpointforDrayTekGatewayDevices(CVE-2024-12987)

ArmisSecurity

Threat Alert: CVE-2024-12987 DrayTek Vigor Routers – Critical OS Command Injection Vulnerability This critical vulnerability affects DrayTek Vigor2960, Vigor300B, and Vigor3900 routers running firmware v1.5.1.4. It allows unauthenticated attackers to inject and execute arbitrary system commands via the Web Management Interface, posing a major risk of full system takeover and lateral movement within networks. Armis Centrix™ for Early Warning added CVE-2024-12987 to the list of known vulnerabilities being exploited in the wild on January 7, 2025, while CISA added it to their KEV catalog on May 15, 2025, making Armis Centrix™ for Early Warning early by 128 days. Learn more about the impact of this threat and how proactive measures can help protect your organization: https://t.co/kw1PTtHkkN Looking for real-time context on this CVE, community-driven prioritization, and actionable insights tailored to your specific industry? Make sure to check out our Armis Vulnerability Intelligence Database: https://t.co/TItdKaKuqu #ThreatAlert #CyberSecurity #VulnerabilityManagement #NetworkSecurity

Shadowserver

A Mirai botnet is attempting exploitation in the wild using a new (at least to us) set of CVEs. Includes: - Tenda CVE-2024-41473 - Draytek CVE-2024-12987 - HuangDou UTCMS V9 CVE-2024-9916 - Totolink CVE-2024-2353 CVE-2024-24328 CVE-2024-24329 - (likely) Four-Faith CVE-2024-9644

zoomeye_team

CVE-2024-12987: DrayTek Vigor2960/Vigor300B Web Management Interface Apmcfgupload Os Command Injection The /cgi-bin/mainfunction.cgi/apmcfgupload endpoint fails to adequately sanitize the session parameter, enabling attackers to inject malicious commands. ZoomEye Dorkapp="DrayTek Vigor 300B broadband router httpd" || app="DrayTek Vigor2960 router httpd" 102k+ results are found on ZoomEye. ZoomEye Link: https://t.co/Uh49BMnE5m Refer: https://t.co/uyuRgZrvf0 #Cyberspacemapping #cybersecurity #ZoomEye #infosec2024

CVEnew

CVE-2024-12987 A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunc… https://t.co/7Oe0uXYrhU