CVE-2020-15415CISA KEV: Actively Exploited

DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

Published Sep 30, 2024·Updated Sep 30, 2024

Description

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free