Описание
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
8 High
CVSS3
Дефекты
Связанные уязвимости
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.
Уязвимость функции doPPPoE в файле cgi-bin/mainfunction.cgi микропрограммного обеспечения маршрутизатора DrayTek Vigor 2960, позволяющая нарушителю выполнить произвольный код
EPSS
8 High
CVSS3