DrayTek - Remote Code Execution

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. id: CVE-2020-8515 info: name: DrayTek - Remote Code Execution...

EUVD-2020-6609

Malware in sbrugna...

EUVD-2020-7123

Malware in sbrugna...

EUVD-2020-6610

Malware in sbrugna...

EUVD-2020-3229

Malware in sbrugna...

CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

The vulnerability in the web interface for managing microprogrammed routing software from DrayTek, namely DrayTek Vigor2960 and Vigor300B, allows a hacker to execute arbitrary code.

The vulnerability of the web interface for managing DrayTek Vigor2960 and Vigor300B microprogramming systems lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...

CVE-2024-12987

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

CVE-2024-12987 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

CVE-2024-12986 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

CVE-2024-12986 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

CVE-2024-12986

DrayTek Vigor2960/Vigor300B Web Management Interface (versions 1.5.1.3–1.5.1.4) contain a command-injection vulnerability in the /cgi-bin/mainfunction.cgi/apmcfgupptim endpoint where the session parameter is manipulated to achieve OS command execution. Exploitation can be remote and has been disc...

DrayTek Vigor300B和DrayTek Vigor2960 安全漏洞

DrayTek Vigor300B and DrayTek Vigor2960 are both products of China's DrayTek Corporation DrayTek.The Vigor300B is a load balancing router.The DrayTek Vigor2960 is a router... A security vulnerability exists in the DrayTek Vigor300B and DrayTek Vigor2960 version 1.5.1.4, which stems from a session...

DrayTek Vigor2960和Vigor300B 命令注入漏洞

DrayTek Vigor300B and DrayTek Vigor 2960 are both products of China DrayTek DrayTek.Vigor300B is a load balancing router.DrayTek Vigor 2960 is a Dual WAN broadband router/VPN gateway. A command injection vulnerability exists in the DrayTek Vigor 2960 and Vigor300B versions 1.5.1.3 through 1.5.1.4...

PT-2024-17849 · Draytek · Draytek Vigor2960 +1

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 and Vigor300B versions 1.5.1.3 through 1.5.1.4 Description: A critical issue has been found in the Web Management Interface component, affecting some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim. The...

CVE-2024-12987

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...

PT-2024-8279 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 DrayTek Vigor 2960 affected versions not specified DrayTek Vigor 300B affected versions not specified Description: The issue is related to a post-authentication command injection. This occurs when the action...