CVE-2024-12987 | DrayTek Vigor2960/Vigor300B 1.5.1.4 Web Management Interface apmcfgupload session os command injection

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection.

This vulnerability is traded as CVE-2024-12987. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-12987 | DrayTek Vigor2960/Vigor300B 1.5.1.4 Web Management Interface apmcfgupload session os command injection

Post correlati

CVE-2024-25165 | SWFTools 0.9.2 lib/swf5compiler.flex LineText buffer overflow (Issue 217)

CVE-2024-47556 | Xerox FreeFlow Core up to 7.0.10 on Windows path traversal

CVE-2024-11942 | Drupal up to 10.2.9 File error condition (sa-core-2024-002)

CVE-2023-49182 | Fabio Marzocca List All Posts Plugin up to 2.7.10 on WordPress cross site scripting