216.73.217.22

CVE-2020-15415

· Published 30/09/2024 02:00 · Modified 20/12/2025 23:22 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2020-15415

Essential information

Published
30/09/2024 02:00
Modified
20/12/2025 23:22
Author
Cybersecurity and Infrastructure Security Agency
Creator
Cybersecurity and Infrastructure Security Agency
CISA KEV
Yes
CWE

Description

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.

NVD status

NVD
View on NVD

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (1)