CVE-2020-15415
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
84.2%
p100
KEV
SÍ
30 sept 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
DrayTek / Multiple Vigor Routers
Vulnerabilidad
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
Añadido a KEV
30 sept 2024
Remediar antes de
21 oct 2024
Uso conocido en ransomware
No
Descripción resumida
DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472) ; https://nvd.nist.gov/vuln/detail/CVE-2020-15415