Web Management Interface Command Injection Vulnerability in DrayTek Vigor Devices

CVE-2024-12987

What is CVE-2024-12987?

CVE-2024-12987 is a critical vulnerability affecting DrayTek Vigor2960 and Vigor300B devices, specifically within their Web Management Interface. This vulnerability arises from an issue in the handling of specific commands, allowing for remote command injection. Such a flaw can have dire consequences for organizations, as it may enable attackers to execute malicious commands on the underlying operating system, potentially compromising system integrity and confidential information.

Technical Details

This vulnerability is located in the file /cgi-bin/mainfunction.cgi/apmcfgupload of the affected DrayTek devices, where an improper handling of the session argument can lead to os command injection. The flaw was introduced in version 1.5.1.4 and has been classified as critical due to its severity. Attackers can exploit this issue remotely, making it easier for threat actors to impact vulnerable systems without needing physical access.

Potential impact of CVE-2024-12987

1. Unauthorized Access and Control: Attackers can gain unauthorized access to the affected devices, allowing them to execute arbitrary commands that could lead to full system compromise.

2. Data Breach Risk: The ability to run commands remotely could expose sensitive data stored on or managed by the affected devices, leading to significant data leaks and regulatory implications for organizations.

3. Increased Attack Surface: Exploitation of this vulnerability could serve as a foothold for further attacks within the network, enabling adversaries to move laterally and target additional systems, thereby escalating their attack.

References