(cache)CVE Record

Required CVE Record Information

CNA: MITRE Corporation

expand

Description

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.

Product Status

Learn more

Information not provided

References

https://www.draytek.com/about/security-advisory
external site
https://github.com/CLP-team/Vigor-Commond-Injection
external site

CVE Program

expand

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References

https://www.draytek.com/about/security-advisory
external site
x_transferred
https://github.com/CLP-team/Vigor-Commond-Injection
external site
x_transferred

Authorized Data Publishers

Learn more

CISA-ADP

collapse