CVE-2024-12987: DrayTek Vigor Routers OS Command Injection Vulnerability.

DrayTek Vigor Routers OS Command Injection Vulnerability. DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.

• CISA KEV-listed (remediation due 2025-06-05)
• EPSS 79.0% (99.1% percentile)

Browse the CVE database

Read the full analysis on IntelFusions