DrayTek (Multiple Vigor Routers) Data Breach
DrayTek (Multiple Vigor Routers) experienced a data breach that was reported on September 30, 2024. DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacter
Key Facts
- Organization
- DrayTek (Multiple Vigor Routers)
- Date Reported
- September 30, 2024
- Incident Type
- web app exploit
- Industry
- Technology
- Severity Score
- 5/10
- Confidence Level
- high
- Tags
Source
View original source - External link to primary source documentation
Understanding web app exploit Incidents
Web application exploits target vulnerabilities in websites and APIs. Secure development practices, WAFs, and penetration testing protect against these attacks.