CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12986

A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.382

EPSS Ranking 97.0%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 7.5

References

Products affected by CVE-2024-12986

Draytek » Vigor2960 » Version: N/A

cpe:2.3:h:draytek:vigor2960:-
Draytek » Vigor300b » Version: N/A

cpe:2.3:h:draytek:vigor300b:-
Draytek » Vigor2960 Firmware » Version: 1.5.1.3

cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.3
Draytek » Vigor2960 Firmware » Version: 1.5.1.4

cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4
Draytek » Vigor300b Firmware » Version: 1.5.1.3

cpe:2.3:o:draytek:vigor300b_firmware:1.5.1.3
Draytek » Vigor300b Firmware » Version: 1.5.1.4

cpe:2.3:o:draytek:vigor300b_firmware:1.5.1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12986

Products

Pricing

Contact Us