CVE-2024-12986 | DrayTek Vigor2960/Vigor300B 1.5.1.3/1.5.1.4 Web Management Interface apmcfgupptim session os command injection

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to os command injection.

The identification of this vulnerability is CVE-2024-12986. The attack may be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-12986 | DrayTek Vigor2960/Vigor300B 1.5.1.3/1.5.1.4 Web Management Interface apmcfgupptim session os command injection

Related Posts

CVE-2024-37641 | TRENDnet TEW-814DAP 1.01B01 Parameter /formNewSchedule submit-url stack-based overflow

CVE-2024-22490 | beetl-bbs 2.0 /index keyword cross site scripting

CVE-2024-11867 | papin Companion Portfolio Plugin up to 2.4.0.1 on WordPress Shortcode companion-portfolio cross site scripting

CVE-2022-31670 | Harbor improper authorization (GHSA-3637-v6vq-xqqw)