WARNING: MEDIUM SEVERITY COMMAND INJECTION VULNERABILITY IN DRAYTEK VIGOR2960 AND VIGOR300B ROUTER SOFTWARE, PATCH IMMEDIATELY!
Reference:
Advisory #2025-02
Version:
1.0
Affected software:
DrayTek Vigor2960 and Vigor300B router software
Type:
(OS) Command Injection vulnerability
CVE/CVSS:
CVE-2024-12987: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Date:
03/01/2025
Sources
https://nvd.nist.gov/vuln/detail/CVE-2024-12987
Risks
A CVSS 6.9 medium severity vulnerability exists in DrayTek Vigor2960 and Vigor300B router software version 1.5.1.4. If left unpatched, affected devices are vulnerable to command injection attacks with possible impact on confidentiality, integrity and availability of systems and data.
CVE-2024-12987 is fixed via firmware update to version 1.5.1.5.
A proof-of-concept (PoC) exploit exists, although there is no evidence that the vulnerability is currently being actively exploited.
Description
CVE-2024-12987 is an 'Improper Neutralization of Special Elements used in an (OS) Command' vulnerability, also known as '(OS) Command Injection'. It exists in an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the Web Management Interface component.
If exploited successfully, an attacker can inject malicious (OS) commands with further unknown impact.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/nl/cert/een-incident-melden.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
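As an illustration of the Monitor/Detect recommendation and of reviewing for historic compromise, the following added example (not part of the CCB advisory or DrayTek's tooling) triages access logs for requests that reached the endpoint named in the description. It assumes Common Log Format lines from a proxy or firewall in front of the router and a hypothetical management network of 10.0.50.0/24; the sample lines and the parameter name `placeholder` are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoint named in the advisory for CVE-2024-12987.
ENDPOINT = "/cgi-bin/mainfunction.cgi/apmcfgupload"
# Assumption: router administration is only expected from this network.
MGMT_NET = ipaddress.ip_network("10.0.50.0/24")
# Generic shell metacharacters; a triage heuristic, not an exploit signature.
SHELL_META = re.compile(r"[;|`]|\$\(")
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_mgmt(client):
    """True only for a literal IP address inside the management network."""
    try:
        return ipaddress.ip_address(client) in MGMT_NET
    except ValueError:  # hostname or garbage in the client field
        return False

def triage(lines):
    """Return one finding per request that touched the advisory's endpoint."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, when, method, target, status = m.groups()
        decoded = unquote(unquote(target))  # decode twice to undo double encoding
        if ENDPOINT not in decoded:
            continue
        reasons = ["endpoint-hit"]
        if not is_mgmt(client):
            reasons.append("external-source")
        if SHELL_META.search(decoded.split(ENDPOINT, 1)[1]):
            reasons.append("shell-metachar")
        findings.append({"client": client, "time": when, "method": method,
                         "status": int(status), "reasons": reasons})
    return findings

# Constructed sample lines (documentation addresses, placeholder parameter name).
SAMPLE = [
    '10.0.50.12 - - [03/Jan/2025:09:14:02 +0100] "GET /cgi-bin/mainfunction.cgi/apmcfgupload HTTP/1.1" 200 512',
    '203.0.113.7 - - [03/Jan/2025:09:20:41 +0100] "POST /cgi-bin/mainfunction.cgi/apmcfgupload?placeholder=a%3Bb HTTP/1.1" 200 0',
    '203.0.113.9 - - [03/Jan/2025:09:21:10 +0100] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Every hit on the endpoint is reported, including those from the management network, so that pre-patch activity can be reviewed; hits tagged `external-source` or `shell-metachar` deserve priority.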