Vulnerabilities

CVE-2020-15415

by Fred · 30/06/2020

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.

Date published : 2020-06-30

https://github.com/CLP-team/Vigor-Commond-Injection

https://www.draytek.com/about/security-advisory

Related

Tags: Cybersecurity Alert