CVE-2024-12987CISA KEVEPSS p99.9%

CVE-2024-12987DrayTek Vigor Routers OS Command Injection Vulnerability

DrayTek / Vigor Routers

Description

DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.

Scoring

EPSS98.13% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2025-05-15

(incoming)1

TypeTargetConfidenceTier
KEVEntryDrayTek Vigor Routers OS Command Injection Vulnerabilitykev-cve-2024-129870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
CVE
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
CVE
Draytek VigorConnect Path Traversal Vulnerability
CVE
CVE-2025-10547
CVE
CVE-2025-11665
CVE
Zyxel DSL CPE OS Command Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.