CVE-2024-12987 - DrayTek Vigor Routers
AI Vulnerability ContextA vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrad...
Overview
A source-backed snapshot of this vulnerability.
A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2024-12987
- Vendor/project
- DrayTek
- Product
- Vigor Routers
- Vulnerability name
- DrayTek Vigor Routers OS Command Injection Vulnerability
- Date added
- 2025-05-15
- Due date
- 2025-06-05
- Known ransomware campaign use
- Unknown
- CVSS v3
- 7.3
- CVSS v4
- 6.9
Exploit context
What the vulnerability is about.
A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
