A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.
References
Link | Resource |
---|---|
https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-29T19:30:16
Updated: 2022-03-29T19:30:16
Reserved: 2021-10-25T00:00:00
Link: CVE-2021-42911
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-29T20:15:07.690
Modified: 2022-04-05T18:20:46.887
Link: CVE-2021-42911
JSON object: View
Redhat Information
No data.
CWE