QwikSec

Security Database

CVE

CWE

Training

CVE-2023-24229

Published: Mar 15, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.draytek.com/

https://github.com/sadwwcxz/Vul

https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul

https://www.draytek.co.uk/support/guides/kb-remotemanagement

https://www.draytek.com/support/knowledge-base/5465

https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.