Remote Command Execution in DrayTek Vigor2960 1.5.1 via Shell Metacharacters in toLogin2FA Action

Remote Command Execution in DrayTek Vigor2960 1.5.1 via Shell Metacharacters in toLogin2FA Action

CVE-2020-19664 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.

Learn more about our Web Application Penetration Testing UK.