CVE-2020-15415

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via...

Basic Information

CVE State: PUBLISHED
Reserved Date: June 30, 2020
Published Date: June 30, 2020
Last Updated: October 04, 2024
Vendor: n/a
Product: n/a
Description: On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-09-30 00:00:00 UTC) Source

References

https://www.draytek.com/about/security-advisory https://github.com/CLP-team/Vigor-Commond-Injection

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-09-30 00:00:00 UTC