The vulnerability of the doOpenVPN() function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers allows a hacker to execute arbitrary commands.
The vulnerability of the doOpenVPN function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers is related to the failure to eliminate the and & elements used in the operating system’s command when processing the action parameter. Exploiting this...