CVE-2024-12987CISA KEV: Actively Exploited

DrayTek Vigor Routers OS Command Injection Vulnerability

Published May 15, 2025·Updated May 15, 2025

Description

DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free