3 matches found
DrayTek Vigor 1.5.1.1 (CVE-2020-19664)
The version of DrakTek Vigor installed on the remote host is prior to 1.5.1.1. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-19664 advisory. - DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...
CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...
CVE-2020-19664
Conflict-free summary (CVE-2020-19664): Affects DrayTek Vigor2960 firmware, notably 1.5.1, where remote command execution is possible via shell metacharacters in a toLogin2FA action directed at mainfunction.cgi. Root cause: failure to neutralize shell metacharacters in the toLogin2FA path. Conseq...