漏洞描述
DraytekVigor系列路由器在<=v1.5.1.1版本的固件中,未对filename进行过滤,造成远程命令注入。接口apmcfgupload/cvmcfgupload均可。
Draytek Vigor系列路由器远程命令注入(CVE-2020-15415)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-15415: DrayTek Vigor - Command Injection POC
2025-08-01 | DrayTek VigorDrayTek Vigor devices contain a command injection vulnerability in the cvmcfgupload functionality. T... -
CVE-2021-20123: Draytek VigorConnect 1.6.0-B - Local File Inclusion POC
2025-08-01 | Draytek VigorConnect 1.6.0-BDraytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functional... -
CVE-2021-20124: Draytek VigorConnect 6.0-B3 - Local File Inclusion POC
2025-08-01 | Draytek VigorConnect 6.0-B3Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functional... -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...