2 matches found
The vulnerability of the set_ap_map_config() function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setapmapconfig function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers relates to the failure to eliminate the and & elements used in the operating system’s command when processing the action parameter. Exploiting this...
PT-2024-31837 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: A command injection issue occurs when the action parameter in the "cgi-bin/mainfunction.cgi" endpoint is set to 'set ap map config'. This allows for potential command injection attacks...