Описание
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Ссылки
- Exploit
- Permissions RequiredThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Exploit
- Permissions RequiredThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одновременно
EPSS
7.2 High
CVSS3
8.8 High
CVSS3
8.3 High
CVSS2
Дефекты
Связанные уязвимости
A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability.
Уязвимость функции sub_1225C сценария mainfunction.cgi веб-интерфейса микропрограммного обеспечения маршрутизаторов DrayTek Vigor, позволяющая нарушителю выполнять произвольные команды
EPSS
7.2 High
CVSS3
8.8 High
CVSS3
8.3 High
CVSS2