CVE-2024-12987

HIGH KEV NUCLEI

DrayTek Vigor2960 and Vigor300B 1.5.1.4 - OS Command Injection via apmcfgupload Session Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-12987 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 15, 2025. A Nuclei detection template is also available.

Description

A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.

Nuclei Templates (1)

DrayTek Vigor - Command Injection
CRITICALby ritikchaddha
FOFA: "excanvas.js" && "lang == \"zh-cn\"" && "detectLang" && server=="DWS"

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.289380
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.289380
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.468795

Scores

CVSS v3 7.3
EPSS 0.7899
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2025-05-15
VulnCheck KEV 2025-02-12
ENISA EUVD EUVD-2024-51246
CWE
CWE-78 CWE-77
Status published
Products (2)
draytek/vigor2960_firmware 1.5.1.4
draytek/vigor300b_firmware 1.5.1.4
Published Dec 27, 2024
KEV Added May 15, 2025
Tracked Since Feb 18, 2026