Vulnerability Details CVE-2024-48074
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.1%
CVSS Severity
CVSS v3 Score 8.0
References
Products affected by CVE-2024-48074
-
cpe:2.3:h:draytek:vigor2960:-
-
cpe:2.3:o:draytek:vigor2960_firmware:1.4.4