CVE-2020-19664

Name of the Vulnerable Software and Affected Versions DrayTek Vigor2960 version 1.5.1

Description The issue allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. This is due to the failure to neutralize special elements. Exploitation of the issue may allow a remote attacker to execute arbitrary code.

Recommendations For DrayTek Vigor2960 version 1.5.1, consider disabling access to the mainfunction.cgi script or restricting the toLogin2FA action until a patch is available. As a temporary workaround, avoid using shell metacharacters in the toLogin2FA action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.