DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Conclusion & alert: CVE-2023-24229 is rated High Exploit Risk (83.8/100): CVSS High severity, with high exploitation likelihood (EPSS 6.72%, 93th percentile).Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +5.91% over the last day, indicating growing attacker interest.Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2023-24229
Exploit prediction scoring system (EPSS) score for CVE-2023-24229
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).