CVE-2024-12987 affecting DrayTek Routers

CVE-2024-12987 is a critical security vulnerability identified in the DrayTek Vigor2960 and Vigor300B routers, specifically affecting firmware version 1.5.1.4. This vulnerability resides within the Web Management Interface, in the file path /cgi-bin/mainfunction.cgi/apmcfgupload. Detailed Breakdown 1. Nature of the Vulnerability:This vulnerability involves an OS Command Injection flaw. It is triggered by manipulating the session argument passed […]

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

itsecuritynews.info - 05:02

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability,...

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

bleepingcomputer.com - 28/12/2025 20:38

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over...

M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens

itsecuritynews.info - 24/12/2025 18:02

A critical security vulnerability in M-Files Server could allow authenticated attackers to capture active user session tokens via the M-Files Web...

M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens

itsecuritynews.info - 24/12/2025 18:02

A critical security vulnerability in M-Files Server could allow authenticated attackers to capture active user session tokens via the M-Files Web...

Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression

itsecuritynews.info - 24/12/2025 06:02

MongoDB has disclosed a critical security vulnerability tracked as CVE-2025-14847 that could allow attackers to extract uninitialized heap memory from...

Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression

itsecuritynews.info - 24/12/2025 06:02

MongoDB has disclosed a critical security vulnerability tracked as CVE-2025-14847 that could allow attackers to extract uninitialized heap memory from...

Net-SNMP Vulnerability Enables Buffer Overflow and the Daemon to Crash

itsecuritynews.info - 25/12/2025 12:02

A new critical vulnerability affecting the Net-SNMP software suite has been disclosed, posing a significant risk to network infrastructure worldwide....

Net-SNMP Vulnerability Enables Buffer Overflow and the Daemon to Crash

itsecuritynews.info - 25/12/2025 12:02

A new critical vulnerability affecting the Net-SNMP software suite has been disclosed, posing a significant risk to network infrastructure worldwide....

MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk

itsecuritynews.info - 28/12/2025 16:31

A high-severity unauthenticated information-leak vulnerability in MongoDB Server, dubbed MongoBleed after the infamous Heartbleed bug, is now being...

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

itsecuritynews.info - 17:04

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could...

Rubriques :

CVE-2024-12987 affecting DrayTek Routers

Articles similaires

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens

M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens

Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression

Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression

Net-SNMP Vulnerability Enables Buffer Overflow and the Daemon to Crash

Net-SNMP Vulnerability Enables Buffer Overflow and the Daemon to Crash

MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

Les derniers communiqués