Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

70 matches found

Nuclei
Nucleiadded 2026/05/11 5:40 a.m.132 views

DrayTek - Remote Code Execution

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. id: CVE-2020-8515 info: name: DrayTek - Remote Code Execution...

10CVSS7.9AI score0.94318EPSS
Exploits7References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.5 views

EUVD-2020-3229

Malware in sbrugna...

9.8CVSS9.3AI score0.09583EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2020-6609

Malware in sbrugna...

9.8CVSS9.3AI score0.02669EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2020-6610

Malware in sbrugna...

9.8CVSS9.3AI score0.00891EPSS
Exploits1References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2020-7123

Malware in sbrugna...

9.8CVSS9.3AI score0.11637EPSS
Exploits2References5
RedhatCVE
RedhatCVEadded 2025/02/05 10:24 a.m.7 views

CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

9.8CVSS7.5AI score0.70632EPSS
Exploits1References1
OSV
OSVadded 2024/12/27 4:15 p.m.1 views

CVE-2024-12987

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

9.8CVSS5.5AI score0.78989EPSS
Exploits1References8
OSV
OSVadded 2024/12/27 4:15 p.m.0 views

CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

9.8CVSS5.4AI score
Exploits0References4
NVD
NVDadded 2024/12/27 4:15 p.m.11 views

CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

9.8CVSS0.70632EPSS
Exploits1References4
Cvelist
Cvelistadded 2024/12/27 4:0 p.m.20 views

CVE-2024-12987 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

7.5CVSS0.78989EPSS
Exploits1References4
CVE
CVEadded 2024/12/27 3:31 p.m.67 views

CVE-2024-12986

DrayTek Vigor2960/Vigor300B Web Management Interface (versions 1.5.1.3–1.5.1.4) contain a command-injection vulnerability in the /cgi-bin/mainfunction.cgi/apmcfgupptim endpoint where the session parameter is manipulated to achieve OS command execution. Exploitation can be remote and has been disc...

9.8CVSS7.7AI score0.70632EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2024/12/27 3:31 p.m.11 views

CVE-2024-12986 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

7.5CVSS7.2AI score0.70632EPSS
Exploits1References4
Cvelist
Cvelistadded 2024/12/27 3:31 p.m.20 views

CVE-2024-12986 DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session...

7.5CVSS0.70632EPSS
Exploits1References4
CNNVD
CNNVDadded 2024/12/27 12:0 a.m.2 views

DrayTek Vigor300B和DrayTek Vigor2960 安全漏洞

DrayTek Vigor300B and DrayTek Vigor2960 are both products of China's DrayTek Corporation DrayTek.The Vigor300B is a load balancing router.The DrayTek Vigor2960 is a router... A security vulnerability exists in the DrayTek Vigor300B and DrayTek Vigor2960 version 1.5.1.4, which stems from a session...

9.8CVSS7.7AI score0.78989EPSS
Exploits1References5
CNNVD
CNNVDadded 2024/12/27 12:0 a.m.2 views

DrayTek Vigor2960和Vigor300B 命令注入漏洞

DrayTek Vigor300B and DrayTek Vigor 2960 are both products of China DrayTek DrayTek.Vigor300B is a load balancing router.DrayTek Vigor 2960 is a Dual WAN broadband router/VPN gateway. A command injection vulnerability exists in the DrayTek Vigor 2960 and Vigor300B versions 1.5.1.3 through 1.5.1.4...

9.8CVSS7.8AI score0.70632EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2024/12/27 12:0 a.m.10 views

CVE-2024-12987

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command...

9.8CVSS7.5AI score0.78989EPSS
In wildExploits1References5
Positive Technologies
Positive Technologiesadded 2024/12/27 12:0 a.m.4 views

PT-2024-17849 · Draytek · Draytek Vigor2960 +1

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor2960 and Vigor300B versions 1.5.1.3 through 1.5.1.4 Description: A critical issue has been found in the Web Management Interface component, affecting some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim. The...

9.8CVSS7.8AI score0.70632EPSS
Exploits1References15
CISA KEV Catalog
CISA KEV Catalogadded 2024/09/30 12:0 a.m.35 views

DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...

9.8CVSS8.4AI score0.93003EPSS
In wildExploits1
Positive Technologies
Positive Technologiesadded 2024/08/29 12:0 a.m.3 views

PT-2024-8279 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 DrayTek Vigor 2960 affected versions not specified DrayTek Vigor 300B affected versions not specified Description: The issue is related to a post-authentication command injection. This occurs when the action...

8CVSS7.8AI score0.00574EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEVadded 2022/01/12 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...

9.8CVSS8.1AI score0.13418EPSS
Exploits1References1
Rows per page
Query Builder