Draytek Vigor2960 vulnerabilities
3 known vulnerabilities affecting draytek/vigor2960.
Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2024-12987 | P1 | CRITICAL | CVSS 9.8 | CWE-77 | KEV | PoC | v1.5.1.4 | 2024-12-27
A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to OS command injection. It is possible to launch the attack remotely. T
Source: NVD
CVE-2024-12986 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | v1.5.1.3, v1.5.1.4 | 2024-12-27
A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to OS command injection. The attack may be initi
Source: NVD
CVE-2023-6265 | P3 | HIGH | CVSS 8.1 | CWE-22 | v1.5.1.4, v1.5.1.5 | 2023-11-22
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
Source: NVD