CVE-2024-48074

Published Oct 28, 2024

Last updated 9 days ago

CVSS high 8.0

Overview

Description
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8
Impact score
5.9
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-78

Social media

Hype score
Not currently trending

  1. Threat Alert: CVE-2024-48074: RCE Flaw Discovered in DrayTek Vigor2960 Routers, PoC Published CVE-2024-48074 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/8vFBM24Bln #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    1 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-48074: RCE Flaw Discovered in DrayTek Vigor2960 Routers, PoC Published https://t.co/F3uoRwG9Q6

    @Dinosn

    31 Oct 2024

    1577 Impressions

    1 Retweet

    4 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  3. VPNルータDrayTek Vigor2960に遠隔コード実行の脆弱性。CVE-2024-48074はCVSSスコア8.0で、機器上のWebサーバ権限での任意コマンド実行が可能。管理用CGIにおけるコマンドインジェクション。既にPoC(攻撃の概念実証コード)が公開されている。 https://t.co/tVHdg7KHwQ

    @__kokumoto

    31 Oct 2024

    691 Impressions

    3 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2024-48074: RCE Flaw Discovered in DrayTek Vigor2960 Routers, PoC Published 🔥PoC: https://t.co/IZC6UcIgaK 🎯52k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/BeCuZNrN0D FOFA Query:app="DrayTek-Vigor2960"… https://t.co/EVrJGq

    @fofabot

    31 Oct 2024

    1094 Impressions

    3 Retweets

    10 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-48074: RCE Flaw Discovered in DrayTek Vigor2960 Routers, PoC Published Discover the CVE-2024-48074 flaw in DrayTek Vigor2960 routers and learn how it can lead to remote code execution and complete device takeover https://t.co/l3X5MHYSc1

    @the_yellow_fall

    31 Oct 2024

    360 Impressions

    2 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-48074 An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the … https://t.co/5tVucL8W7p

    @CVEnew

    28 Oct 2024

    370 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References