cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12987,https://securityvulnerability.io/vulnerability/CVE-2024-12987,Web Management Interface Command Injection Vulnerability in DrayTek Vigor Devices,"A remote command injection vulnerability has been identified within the web management interface of DrayTek's Vigor2960 and Vigor300B devices. This vulnerability arises from improper manipulation of the session argument in the file located at /cgi-bin/mainfunction.cgi/apmcfgupload. Attackers can exploit this flaw remotely to execute arbitrary operating system commands on the vulnerable device, potentially compromising its integrity and security. Users are strongly advised to upgrade to the latest version, 1.5.1.5, to mitigate this risk and enhance their system's defense against such attacks.",Draytek,"Vigor2960,Vigor300b",,,0.0004600000102072954,false,,false,false,true,2024-12-27T16:00:13.000Z,true,false,false,,2024-12-27T16:00:13.600Z,238
CVE-2024-12986,https://securityvulnerability.io/vulnerability/CVE-2024-12986,OS Command Injection Vulnerability in DrayTek Vigor2960 and Vigor300B,"A vulnerability has been identified within the web management interface of DrayTek Vigor2960 and Vigor300B devices that allows for OS command injection through improper handling of the session argument in the /cgi-bin/mainfunction.cgi/apmcfgupptim file. This flaw could potentially be exploited remotely, enabling attackers to execute arbitrary commands on the underlying operating system. Affected users are strongly encouraged to upgrade their devices to version 1.5.1.5 to mitigate the risk associated with this vulnerability. Awareness and prompt action can prevent unauthorized access and maintain the integrity of network devices.",Draytek,"Vigor2960,Vigor300b",6.9,MEDIUM,0.0004600000102072954,false,,false,false,true,2024-12-27T15:31:05.000Z,true,false,false,,2024-12-27T15:31:05.003Z,0
CVE-2023-6265,https://securityvulnerability.io/vulnerability/CVE-2023-6265,DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal,"The Draytek Vigor2960 routers, specifically versions v1.5.1.4 and v1.5.1.5, are susceptible to a directory traversal vulnerability through the mainfunction.cgi dumpSyslog 'option' parameter. This allows an authenticated user with access to the web management interface to exploit this flaw and delete arbitrary files on the system. It is important to note that the Vigor2960 has reached its end of life, meaning it is no longer supported or receiving security updates, which increases the risk of exploitation.",DrayTek,Vigor2960,8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-11-22T20:15:00.000Z,0
CVE-2023-24229,https://securityvulnerability.io/vulnerability/CVE-2023-24229,Command Injection Vulnerability in DrayTek Vigor2960,"The DrayTek Vigor2960, specifically version v1.5.1.4, is susceptible to a command injection vulnerability that allows authenticated attackers with network access to exploit the web management interface. Through the manipulation of the 'parameter' parameter in the mainfunction.cgi script, an attacker can inject operating system commands, potentially compromising the device's integrity. It's important to note that this vulnerability is limited to devices that have reached their end-of-life and are no longer supported by the vendor.",Draytek,Vigor2960 Firmware,7.8,HIGH,0.008510000072419643,false,,false,false,false,,,false,false,,2023-03-15T00:00:00.000Z,0
CVE-2021-43118,https://securityvulnerability.io/vulnerability/CVE-2021-43118,Remote Command Injection Flaw in DrayTek Vigor Series Routers,"A vulnerability has been identified within specific models of DrayTek Vigor routers that allows unauthorized remote command execution. By sending a specially crafted HTTP request containing a malformed query string to the affected devices, an attacker could exploit this flaw to execute arbitrary commands on the router. This type of vulnerability poses significant risks to network integrity and confidentiality, potentially leading to unauthorized access and data breaches.",Draytek,Vigor2960 Firmware,9.8,CRITICAL,0.0019499999471008778,false,,false,false,false,,,false,false,,2022-03-29T19:37:57.000Z,0
CVE-2021-42911,https://securityvulnerability.io/vulnerability/CVE-2021-42911,Format String Vulnerability in DrayTek Vigor Routers,"A Format String vulnerability has been identified in multiple models of DrayTek Vigor routers, including Vigor 2960, Vigor 3900, and Vigor 300B, specifically in the handling of inputs through the mainfunction.cgi file. An attacker could exploit this vulnerability by sending a specially crafted HTTP message with a malformed QUERY STRING, potentially enabling remote execution of arbitrary code on the affected devices. This poses significant risks to network integrity and user data security.",Draytek,Vigor2960 Firmware,9.8,CRITICAL,0.006339999847114086,false,,false,false,false,,,false,false,,2022-03-29T19:30:16.000Z,0
CVE-2020-19664,https://securityvulnerability.io/vulnerability/CVE-2020-19664,Remote Command Execution Flaw in DrayTek Vigor2960,"The DrayTek Vigor2960 running version 1.5.1 is susceptible to a vulnerability that allows remote command execution. This flaw is exploited through specially crafted shell metacharacters within the toLogin2FA action in mainfunction.cgi. When manipulated by an attacker, this could enable unauthorized command execution on the device, potentially leading to significant security breaches.",Draytek,Vigor2960 Firmware,8.8,HIGH,0.14935000240802765,false,,false,false,false,,,false,false,,2020-12-31T01:23:10.000Z,0
CVE-2020-8515,https://securityvulnerability.io/vulnerability/CVE-2020-8515,Remote Code Execution Vulnerability in DrayTek Vigor Series Routers,"DrayTek's Vigor2960, Vigor3900, and Vigor300B routers contain a serious vulnerability that allows unauthorized remote code execution. This flaw arises when users access the cgi-bin/mainfunction.cgi URI with shell metacharacters, permitting attackers to execute arbitrary commands with root privileges without any authentication. Users are advised to update their devices to version 1.5.1 or later to mitigate this security risk.",Draytek,Vigor2960 Firmware,9.8,CRITICAL,0.9667400121688843,true,2021-11-03T00:00:00.000Z,false,false,true,2021-09-01T22:47:54.000Z,true,false,false,,2020-02-01T12:36:59.000Z,0