DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
References
Link | Resource |
---|---|
https://github.com/minghangshen/bug_poc | Exploit Third Party Advisory |
https://nosec.org/home/detail/4631.html | Exploit Third Party Advisory |
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-31T01:23:10
Updated: 2021-01-08T17:53:15
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-19664
JSON object: View
NVD Information
Status : Modified
Published: 2020-12-31T02:15:12.510
Modified: 2023-11-07T03:19:18.223
Link: CVE-2020-19664
JSON object: View
Redhat Information
No data.
CWE