4 matches found
CVE-2020-15415
creationtimestamp| type| source ---|---|--- 2023-02-19 12:43:33+00:00| published-proof-of-concept| https://t.me/JerusalemElectronicArmy/179 2024-09-30 18:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2025-02-23 02:10:59+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123...
VulnCheck KEV: CVE-2020-15415
DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...
DrayTek Command Injection (CVE-2020-15415)
A command injection vulnerability exists in DrayTek. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-15415
DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 are affected by CVE-2020-15415. The issue is an OS command injection in /cgi-bin/mainfunction.cgi/cvmcfgupload that allows remote code execution via shell metacharacters in a filename when the request uses content type text/x-python...