CVE-2020-15415

⚠ KEVEPSS 93.0%

DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

Added to CISA KEV: 9/30/2024

Description

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.

Affected packages (0)

No package mapping in OSV.