| शीर्षक | DrayTek Vigor 300B v1.5.1.6 OS Command Injection |
|---|
| विवरण | A serious command injection vulnerability was discovered in the Web management interface of the DrayTek Vigor device. This vulnerability is located in the /cgi-bin/mainfunction.cgi/uploadlangs route that handles language package uploads.
The application obtains the file information through cgiGetFile. In the sub_1157C function, the system extracts the file name and attempts to move it to the specified directory. Due to improper handling of the file name parameter, an injection risk was caused: |
|---|
| स्रोत | ⚠️ https://github.com/master-abc/cve/issues/42 |
|---|
| उपयोगकर्ता | jiefengliang (UID 93721) |
|---|
| सबमिशन | 12/02/2026 08:51 AM (2 महीनों पहले) |
|---|
| संयम | 23/02/2026 05:34 PM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 347394 [DrayTek Vigor 300B तक 1.5.1.6 Web Management Interface uploadlangs cgiGetFile Arquivo अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|