The vulnerability of the set_ap_map_config() function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setapmapconfig function in the mainfunction.cgi script of the DrayTek Vigor 3900, Vigor 2960, and Vigor 300B routers relates to the failure to eliminate the and & elements used in the operating system’s command when processing the action parameter. Exploiting this...