CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2024-12986 – DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection
https://notcve.org/view.php?id=CVE-2024-12986
27 Dec 2024 — A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Aether-0/CVE-2024-12986 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-43118
https://notcve.org/view.php?id=CVE-2021-43118
29 Mar 2022 — A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de Inyección de Comando Remoto en DrayTek Vigor 2960 versión 1.5.1.3, DrayTek Vigor 3900 versión 1.5.1.3, y DrayTek Vigor 300B versión 1.5.1.3, por medio de un mensaje HTTP diseñado que contiene un... • https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •