- Description
- A vulnerability classified as critical was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. It affects an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload in the Web Management Interface component. Manipulating the argument session leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 addresses this issue, and upgrading the affected component is recommended.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- cna@vuldb.com
- CWE-77
- Hype score
- Not currently trending
CVE-2024-12987 affecting DrayTek Routers #DraytekRouters #CVE-2024-12987 https://t.co/RKSvyRdiTa
@pravin_karthik
1 Jan 2025
CVE-2024-12987 (CVSS:7.3, HIGH) is Awaiting Analysis. A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an ..https://t.co/6RgjqimNSq #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
1 Jan 2025
66,000 DrayTek Gateways Vulnerable to Remote Command Injection (CVE-2024-12987), PoC Published. #CyberSecurity #informationsecurity https://t.co/PXTErXX0jQ
@SecAdvsAlerts
31 Dec 2024
⚠️⚠️ CVE-2024-12987 in DrayTek Gateways Vulnerable to Remote Command Injection 🔥PoC: https://t.co/chaPO2U82N 🎯75k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/DSFi7SdFYI FOFA Query:app="DrayTek-Vigor300B" || app="DrayTek-Vigor2960"
@fofabot
31 Dec 2024
66,000 DrayTek Gateways Vulnerable to Remote Command Injection (CVE-2024-12987), PoC Published https://t.co/iG6ZnpSC6W
@Dinosn
31 Dec 2024
🚨🚨CVE-2024-12987: DrayTek Vigor2960/Vigor300B Web Management Interface Apmcfgupload Os Command Injection ⚠️The /cgi-bin/mainfunction.cgi/apmcfgupload endpoint fails to adequately sanitize the session parameter, enabling attackers to inject malicious commands. ZoomEye… https://
@zoomeye_team
31 Dec 2024
66,000 DrayTek Gateways Vulnerable to Remote Command Injection (CVE-2024-12987), PoC Published Discover the latest security flaw affecting popular DrayTek gateway devices. Learn how it enables remote command execution and puts over 66,000 devices at risk https://t.co/0ypuAnTKxl
@the_yellow_fall
31 Dec 2024
CVE-2024-12987 A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunc… https://t.co/7Oe0uXYrhU
@CVEnew
28 Dec 2024
CVE-2024-12987 Critical OS Command Injection in DrayTek Vigor Remote Exploit A critical vulnerability exists in DrayTek Vigor2960 and Vigor300B version 1.5.1.4. It affects an unknown function in the file /cgi-bin... https://t.co/Gkd28qbySF
@VulmonFeeds
28 Dec 2024