| Title | DrayTek Vigor2960, Vigor300B 1.5.1.4 Command Injection |
|---|---|
| Description | DrayTek Gateway devices, including models Vigor2960 and Vigor300B, are vulnerable to command injection via the web management interface. The vulnerability can be exploited by sending a malformed HTTP request to the `/cgi-bin/mainfunction.cgi/apmcfgupload` endpoint. An attacker can inject arbitrary commands by manipulating the `session` parameter, affecting over 66,000 Internet-connected devices. |
| Source | ⚠️ https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f?pvs=4 |
| User | netsecfish (UID 64568) |
| Submission | 2024-12-25 09:14 AM (1 year ago) |
| Moderation | 2024-12-27 09:04 AM (2 days later) |
| Status | Accepted |
| VulDB Entry | 289380 [DrayTek Vigor2960/Vigor300B 1.5.1.4 Web Management Interface apmcfgupload session privilege escalation] |
| Points | 16 |