Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%

CVE-2024-12987 PoC — DrayTek Vigor300B和DrayTek Vigor2960 安全漏洞

Source
Associated Vulnerability
Title:DrayTek Vigor300B和DrayTek Vigor2960 安全漏洞 (CVE-2024-12987)
Description:DrayTek Vigor300B和DrayTek Vigor2960都是中国居易科技(DrayTek)公司的产品。Vigor300B是一款负载均衡路由器。DrayTek Vigor2960是一款路由器。 DrayTek Vigor300B和DrayTek Vigor2960 1.5.1.4版本存在安全漏洞,该漏洞源于组件Web管理界面文件/cgi-bin/mainfunction.cgi/apmcfgupload的session参数会导致os命令注入。
Description
DrayTek Gateway devices (Vigor2960, Vigor300B, etc.) are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output.
File Snapshot

id: CVE-2024-12987 info: name: DrayTek Vigor - Command Injection author: ritikchaddha severit ...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.