CVE-2024-12987 affecting DrayTek Routers

CVE-2024-12987 is a critical security vulnerability identified in the DrayTek Vigor2960 and Vigor300B routers, specifically affecting firmware version 1.5.1.4. This vulnerability resides within the Web Management Interface, in the file path /cgi-bin/mainfunction.cgi/apmcfgupload. Detailed Breakdown 1. Nature of the Vulnerability:This vulnerability involves an OS Command Injection flaw. It is triggered by manipulating the session argument passed […]

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

securityaffairs.co - 07/Jan 09:52

Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively...

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

itsecuritynews.info - 07/Jan 05:02

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability,...

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

itsecuritynews.info - 06/Jan 17:04

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could...

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

itsecuritynews.info - 06/Jan 17:04

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could...

Ni8mare flaw gives unauthenticated control of n8n instances

securityaffairs.co - 07/Jan 21:15

A critical n8n flaw (CVE-2026-21858, CVSS 10.0), dubbed Ni8mare, allows unauthenticated attackers to fully take over vulnerable instances. Researchers...

Singapore CSA warns of maximun severity SmarterMail RCE flaw

securityaffairs.co - 31/12/2025 14:23

Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload....

Singapore CSA warns of maximun severity SmarterMail RCE flaw

securityaffairs.co - 31/12/2025 14:23

Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload....

Critical MongoDB Flaw Allows Unauthenticated Memory Data Leaks

itsecuritynews.info - 11/Jan 13:04

A critical security flaw in MongoDB could allow unauthenticated attackers to extract sensitive data directly from server memory, prompting urgent...

Critical MongoDB Flaw Allows Unauthenticated Memory Data Leaks

itsecuritynews.info - 11/Jan 13:04

A critical security flaw in MongoDB could allow unauthenticated attackers to extract sensitive data directly from server memory, prompting urgent...

Public PoC prompts Cisco patch for ISE, ISE-PIC vulnerability

securityaffairs.co - 08/Jan 15:04

Cisco addressed a medium-severity vulnerability in ISE and ISE-PIC after a public PoC exploit was disclosed. Cisco addressed a medium-severity...

Rubriques :

CVE-2024-12987 affecting DrayTek Routers

Articles similaires

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

Ni8mare flaw gives unauthenticated control of n8n instances

Singapore CSA warns of maximun severity SmarterMail RCE flaw

Singapore CSA warns of maximun severity SmarterMail RCE flaw

Critical MongoDB Flaw Allows Unauthenticated Memory Data Leaks

Critical MongoDB Flaw Allows Unauthenticated Memory Data Leaks

Public PoC prompts Cisco patch for ISE, ISE-PIC vulnerability

Les derniers communiqués