AI Score
Confidence
Low
EPSS
Percentile
69.0%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi ‘parameter’ parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
[
{
"cpes": [
"cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*"
],
"vendor": "draytek",
"product": "vigor2960_firmware",
"versions": [
{
"status": "affected",
"version": "1.5.1.4"
}
],
"defaultStatus": "unknown"
}
]