Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-12986 PoC — DrayTek Vigor2960和Vigor300B 命令注入漏洞

Source
https://github.com/Aether-0/CVE-2024-12986
Associated Vulnerability
Title:DrayTek Vigor2960和Vigor300B 命令注入漏洞 (CVE-2024-12986)
Description:DrayTek Vigor300B和DrayTek Vigor 2960都是中国居易科技(DrayTek)公司的产品。Vigor300B是一款负载均衡路由器。DrayTek Vigor 2960是一款双 WAN 宽带路由器/VPN 网关。 DrayTek Vigor2960和Vigor300B 1.5.1.3至1.5.1.4版本存在命令注入漏洞,该漏洞源于Web管理界面组件/cgi-bin/mainfunction.cgi/apmcfgupptim的session参数可以导致操作系统命令注入。
File Snapshot

 [4.0K]  /data/pocs/655f36e08165e69e9f09f82b82d5fa6fa9795da6
├── [2.8K]  exploit.py
├── [4.2K]  README.MD
└── [3.2K]  scan.sh

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.