cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12987,https://securityvulnerability.io/vulnerability/CVE-2024-12987,Web Management Interface Command Injection Vulnerability in DrayTek Vigor Devices,"A remote command injection vulnerability has been identified within the web management interface of DrayTek's Vigor2960 and Vigor300B devices. This vulnerability arises from improper manipulation of the session argument in the file located at /cgi-bin/mainfunction.cgi/apmcfgupload. Attackers can exploit this flaw remotely to execute arbitrary operating system commands on the vulnerable device, potentially compromising its integrity and security. Users are strongly advised to upgrade to the latest version, 1.5.1.5, to mitigate this risk and enhance their system's defense against such attacks.",Draytek,"Vigor2960,Vigor300b",,,0.0004600000102072954,false,,false,false,true,2024-12-27T16:00:13.000Z,true,false,false,,2024-12-27T16:00:13.600Z,238
CVE-2024-12986,https://securityvulnerability.io/vulnerability/CVE-2024-12986,OS Command Injection Vulnerability in DrayTek Vigor2960 and Vigor300B,"A vulnerability has been identified within the web management interface of DrayTek Vigor2960 and Vigor300B devices that allows for OS command injection through improper handling of the session argument in the /cgi-bin/mainfunction.cgi/apmcfgupptim file. This flaw could potentially be exploited remotely, enabling attackers to execute arbitrary commands on the underlying operating system. Affected users are strongly encouraged to upgrade their devices to version 1.5.1.5 to mitigate the risk associated with this vulnerability. Awareness and prompt action can prevent unauthorized access and maintain the integrity of network devices.",Draytek,"Vigor2960,Vigor300b",6.9,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-12-27T15:31:05.000Z,true,false,false,,2024-12-27T15:31:05.003Z,0
CVE-2024-41592,https://securityvulnerability.io/vulnerability/CVE-2024-41592,stack-based overflow in GetCGI function,"The DrayTek Vigor3910 devices through 4.3.2.6 are affected by a stack-based overflow vulnerability when processing query string parameters, which can be exploited to crash the router or execute remote code. There are 14 newly discovered vulnerabilities in DrayTek Vigor routers, with the most concerning being buffer overflow and OC command injection vulnerabilities. Over 700,000 routers are exposed to the internet, making them easy targets for attackers. The vulnerabilities have been consistently exploited by threat actors, including Chinese APTs. Exploiting these vulnerabilities can lead to data theft, ransomware deployment, and denial-of-service attacks. DrayTek has released patches for the vulnerabilities, and users are urged to update their router firmware to the latest version to protect against these threats.",DrayTek,,,,0.0004299999854993075,false,,true,false,true,2024-10-02T21:33:09.000Z,,false,false,,2024-10-03T19:15:00.000Z,0