CVE-2024-48074
CVE-2024-48074
Vexday Risk Score
43Atención
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
CVSS 8EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
28 oct 2024Publicada en NVD
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/a