DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-12987 | DrayTek Vigor Routers OS Command Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
An unauthenticated, remote attacker can exploit this vulnerability to escalate privileges and execute arbitrary code with root access.
References
|
| CVE-2024-12987 | DrayTek Vigor Routers OS Command Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
An unauthenticated, remote attacker can exploit this vulnerability to escalate privileges and execute arbitrary code with root access.
References
|