| Titolo | DrayTek Vigor2960, Vigor300B Software Version: 1.5.1.3, 1.5.1.4 Command Injection |
|---|
| Descrizione | DrayTek Gateway devices, including models Vigor2960 and Vigor300B, are vulnerable to command injection via the web management interface. The vulnerability can be exploited by sending a malformed HTTP request to the `/cgi-bin/mainfunction.cgi/apmcfgupptim` endpoint. An attacker can inject arbitrary commands by manipulating the `session` parameter, affecting over 66,000 Internet-connected devices. |
|---|
| Fonte | ⚠️ https://netsecfish.notion.site/Command-Injection-in-apmcfgupptim-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c80b9ad8cc37b93273bf6?pvs=4 |
|---|
| Utente | netsecfish (UID 64568) |
|---|
| Sottomissione | 25/12/2024 09:11 (1 Anno fa) |
|---|
| Moderazione | 27/12/2024 09:03 (2 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 289379 [DrayTek Vigor2960/Vigor300B 1.5.1.3/1.5.1.4 Web Management Interface apmcfgupptim session escalationi di privilegi] |
|---|
| Punti | 16 |
|---|