A critical vulnerability, tracked as CVE-2024-12987, has been discovered in DrayTek Vigor296 and Vigor300B devices running version 1.5.1.4. The vulnerability affects the Web Management Interface of these devices, specifically an unknown function within the file /cgi-bin/mainfunction.cgi/apmcfgupload. Because the "session" argument is handled improperly, an attacker can use OS command injection to gain unauthorized access to these devices. The exploit has already been publicly disclosed, so it poses a great risk if not addressed in a timely manner.
Upgrade to Version 1.5.1.5 to Address the Issue
It is highly recommended that users upgrade their DrayTek Vigor296 and Vigor300B devices to version 1.5.1.5 in order to address this vulnerability. The updated firmware rectifies the issue by properly handling the "session" argument, thus preventing OS command injection. The latest firmware can be downloaded from the official DrayTek website.
Here are the links to the updated firmware for the DrayTek Vigor296 and Vigor300B devices:
- DrayTek Vigor296 Firmware 1.5.1.5
- DrayTek Vigor300B Firmware 1.5.1.5
Code Snippet Demonstrating the Exploit
The following is a code snippet that demonstrates the vulnerability being exploited. It does not contain the complete exploit code and is provided for informational purposes only:
POST /cgi-bin/mainfunction.cgi/apmcfgupload
Content-Type: application/x-www-form-urlencoded
Content-Length: xxx
session=123456");os.system("<malicious_command>")"
Exploit Details
This vulnerability, classified as critical, results from the improper handling of the "session" argument in the file /cgi-bin/mainfunction.cgi/apmcfgupload. An attacker can use this security flaw to inject malicious commands, which enables unauthorized access and control of the affected devices. The exploit can be executed remotely and, since it is already publicly disclosed, it poses a significant risk to those running outdated firmware on their devices.
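For defenders reviewing reverse-proxy or packet-capture logs, the following added example (not part of the original advisory and not DrayTek code) flags requests to the affected endpoint whose "session" value is not a plain alphanumeric token. The token format, the record layout and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint named in the advisory for CVE-2024-12987.
TARGET_PATH = "/cgi-bin/mainfunction.cgi/apmcfgupload"
# Assumption: a legitimate session value is a plain alphanumeric token.
SAFE_SESSION = re.compile(r"[A-Za-z0-9]{1,128}")


def suspicious_session_values(url, body=""):
    """Return "session" values sent to TARGET_PATH that break the assumed format."""
    parts = urlsplit(url)
    # Decode the path so percent-encoded spellings of the endpoint still match.
    if unquote(parts.path).rstrip("/") != TARGET_PATH:
        return []
    # The parameter may arrive in the query string or in a form-encoded body.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return [v for k, v in pairs if k == "session" and not SAFE_SESSION.fullmatch(v)]


def triage(records):
    """Return (source address, offending value) pairs worth investigating."""
    hits = []
    for rec in records:
        for value in suspicious_session_values(rec["url"], rec.get("body", "")):
            hits.append((rec["src"], value))
    return hits


# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE_REQUESTS = [
    {"src": "192.0.2.10", "url": TARGET_PATH, "body": "session=8f3a1c9e2b7d"},
    # Mirrors the placeholder request shown in the advisory above.
    {"src": "198.51.100.7", "url": TARGET_PATH,
     "body": 'session=123456");os.system("<malicious_command>")"'},
    # Same metacharacters, percent-encoded in the query string.
    {"src": "198.51.100.8", "url": TARGET_PATH + "?session=abc%22%29", "body": ""},
    # Different path: out of scope for this check.
    {"src": "192.0.2.11", "url": "/other/page?session=a%22", "body": ""},
]

if __name__ == "__main__":
    for src, value in triage(SAMPLE_REQUESTS):
        print(f"ALERT src={src} session={value!r}")
```

A hit on a device still running 1.5.1.4 is a reason to check that device for compromise, not only to block the source.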
For more information on this vulnerability, please refer to the following sources:
- CVE-2024-12987
- DrayTek Security Advisory
- NIST National Vulnerability Database (NVD)
Conclusion
To protect your DrayTek Vigor296 and Vigor300B devices from this critical vulnerability (CVE-2024-12987), it is highly recommended that you upgrade the firmware to version 1.5.1.5. By doing so, you will prevent unauthorized access and potential damage from an attacker exploiting this security flaw. Always keep your devices up to date with the latest firmware to ensure the best protection against emerging threats.
Timeline
Published on: 12/27/2024 16:15:24 UTC
Last modified on: 12/27/2024 21:15:07 UTC