Vulnerabilites related to DrayTek - Vigor2960
Vulnerability from fkie_nvd
Published
2023-03-15 18:15
Modified
2024-11-21 07:47
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor2960_firmware | 1.5.1.4 | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", matchCriteriaId: "564753CE-A701-4D76-94D8-C452AF0C5E82", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", }, ], id: "CVE-2023-24229", lastModified: "2024-11-21T07:47:36.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-15T18:15:10.460", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sadwwcxz/Vul", }, { source: "cve@mitre.org", url: "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul", }, { source: "cve@mitre.org", url: "https://www.draytek.co.uk/support/guides/kb-remotemanagement", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "https://www.draytek.com/", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, { source: "cve@mitre.org", url: "https://www.draytek.com/support/knowledge-base/5465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sadwwcxz/Vul", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.co.uk/support/guides/kb-remotemanagement", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.draytek.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/support/knowledge-base/5465", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-24 17:15
Modified
2024-11-21 05:03
Severity ?
Summary
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "145682DB-5518-43FD-8419-E0232566F3C4", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2AD4768B-73CE-4185-B676-71E1791F8D47", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C71C769-6CEB-4377-85FB-8719626D04B5", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.", }, { lang: "es", value: "Vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en Vigor3900, Vigor2960 y Vigor300B con versión de firmware anterior a 1.5.1.1", }, ], id: "CVE-2020-14473", lastModified: "2024-11-21T05:03:20.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-24T17:15:12.117", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 17:15
Modified
2024-11-21 04:56
Severity ?
Summary
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11C7526-608D-4C7F-B75D-B7571C4CC6C3", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D22BB1B3-6C91-474A-86E1-F3E8B682A983", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E84F07-5DBA-4D3C-930F-9C3F73C70EA1", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.", }, { lang: "es", value: "Un desbordamiento de búfer en la región stack de la memoria en cvmd en dispositivos Draytek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, permite a atacantes remotos lograr una ejecución de código por medio de una petición HTTP remota.", }, ], id: "CVE-2020-10828", lastModified: "2024-11-21T04:56:09.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-26T17:15:23.487", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 17:15
Modified
2024-11-21 04:56
Severity ?
Summary
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11C7526-608D-4C7F-B75D-B7571C4CC6C3", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D22BB1B3-6C91-474A-86E1-F3E8B682A983", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E84F07-5DBA-4D3C-930F-9C3F73C70EA1", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).", }, { lang: "es", value: "Un desbordamiento de búfer en la región stack de la memoria en el archivo /cgi-bin/activate.cgi, mientras el parámetro ticket decodifica en base64 en dispositivos Draytek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, permite a atacantes remotos lograr una ejecución de código por medio de una petición HTTP remota (problema 3 de 3).", }, ], id: "CVE-2020-10825", lastModified: "2024-11-21T04:56:09.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-26T17:15:23.313", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 17:15
Modified
2024-11-21 04:56
Severity ?
Summary
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11C7526-608D-4C7F-B75D-B7571C4CC6C3", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D22BB1B3-6C91-474A-86E1-F3E8B682A983", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E84F07-5DBA-4D3C-930F-9C3F73C70EA1", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).", }, { lang: "es", value: "Un desbordamiento de búfer en la región stack de la memoria en el archivo /cgi-bin/activate.cgi por medio del parámetro var en dispositivos Draytek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, permite a atacantes remotos lograr una ejecución de código por medio de una petición HTTP remota (problema 1 de 3).", }, ], id: "CVE-2020-10823", lastModified: "2024-11-21T04:56:08.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-26T17:15:23.203", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-31 02:15
Modified
2024-11-21 05:09
Severity ?
Summary
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "406F33A8-3648-4A24-BBF8-4B4283650790", versionEndIncluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.", }, { lang: "es", value: "DrayTek Vigor2960 versión 1.5.1, permite una ejecución de comando remota por medio de metacaracteres shell en una acción toLogin2FA en el archivo mainfunction.cgi.", }, ], id: "CVE-2020-19664", lastModified: "2024-11-21T05:09:18.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-31T02:15:12.510", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/minghangshen/bug_poc", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://nosec.org/home/detail/4631.html", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/minghangshen/bug_poc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://nosec.org/home/detail/4631.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 17:15
Modified
2024-11-21 04:56
Severity ?
Summary
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11C7526-608D-4C7F-B75D-B7571C4CC6C3", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D22BB1B3-6C91-474A-86E1-F3E8B682A983", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E84F07-5DBA-4D3C-930F-9C3F73C70EA1", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).", }, { lang: "es", value: "Un desbordamiento de búfer en la región stack de la memoria en el archivo /cgi-bin/activate.cgi por medio del parámetro ticket en dispositivos Draytek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, permite a atacantes remotos lograr una ejecución de código por medio de una petición HTTP remota (problema 2 de 3).", }, ], id: "CVE-2020-10824", lastModified: "2024-11-21T04:56:08.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-26T17:15:23.250", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-23 12:15
Modified
2024-11-21 05:04
Severity ?
Summary
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "145682DB-5518-43FD-8419-E0232566F3C4", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2AD4768B-73CE-4185-B676-71E1791F8D47", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C71C769-6CEB-4377-85FB-8719626D04B5", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.", }, { lang: "es", value: "Un desbordamiento del búfer en la región stack de la memoria en los dispositivos DrayTek Vigor2960, Vigor3900 y Vigor300B versiones anteriores a 1.5.1.1, permite a atacantes remotos ejecutar código arbitrario por medio del parámetro formuserphonenumber en una acción authusersms en archivo mainfunction.cgi", }, ], id: "CVE-2020-14993", lastModified: "2024-11-21T05:04:35.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-23T12:15:13.503", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/dexterone/Vigor-poc", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/dexterone/Vigor-poc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-22 20:15
Modified
2024-11-21 08:43
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor2960_firmware | 1.5.1.4 | |
| draytek | vigor2960_firmware | 1.5.1.5 | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", matchCriteriaId: "564753CE-A701-4D76-94D8-C452AF0C5E82", vulnerable: true, }, { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:*:*:*:*:*:*:*", matchCriteriaId: "450254FB-7A86-4405-8E1F-69E249D29C62", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "9119a7d8-5eab-497f-8521-727c672e3725", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.", }, { lang: "es", value: "Draytek Vigor2960 v1.5.1.4 y v1.5.1.5 son vulnerables a directory traversal a través del parámetro 'option' mainfunction.cgi dumpSyslog que permite a un atacante autenticado con acceso a la interfaz de administración web eliminar archivos arbitrarios. Vigor2960 ya no es compatible.", }, ], id: "CVE-2023-6265", lastModified: "2024-11-21T08:43:29.440", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "9119a7d8-5eab-497f-8521-727c672e3725", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-22T20:15:09.600", references: [ { source: "9119a7d8-5eab-497f-8521-727c672e3725", tags: [ "Exploit", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md", }, { source: "9119a7d8-5eab-497f-8521-727c672e3725", tags: [ "Product", ], url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, { source: "9119a7d8-5eab-497f-8521-727c672e3725", tags: [ "Product", ], url: "https://www.draytek.com/products/vigor2960/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.draytek.com/products/vigor2960/", }, ], sourceIdentifier: "9119a7d8-5eab-497f-8521-727c672e3725", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "9119a7d8-5eab-497f-8521-727c672e3725", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-24 17:15
Modified
2024-11-21 05:03
Severity ?
Summary
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "145682DB-5518-43FD-8419-E0232566F3C4", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2AD4768B-73CE-4185-B676-71E1791F8D47", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C71C769-6CEB-4377-85FB-8719626D04B5", versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.", }, { lang: "es", value: "DrayTek Vigor3900, Vigor2960 y Vigor300B anteriores a 1.5.1.1, tiene algunas vulnerabilidades de inyección de comandos en el archivo mainfunction.cgi.", }, ], id: "CVE-2020-14472", lastModified: "2024-11-21T05:03:20.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-24T17:15:11.790", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-29 20:15
Modified
2024-11-21 06:28
Severity ?
Summary
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9BCD9E78-DD12-42C5-99FA-D57C81D74C87", versionEndIncluding: "1.5.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "51AB880F-1468-4105-ABAC-2E01653C0801", versionEndIncluding: "1.5.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "08DBBB7D-FB59-4435-B388-D6F6D3BBA73C", versionEndIncluding: "1.5.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.", }, { lang: "es", value: "Se presenta una vulnerabilidad de cadena de formato en DrayTek Vigor 2960 versiones anteriores a 1.5.1.3 incluyéndola, DrayTek Vigor 3900 versiones anteriores a 1.5.1.3 incluyéndola, y DrayTek Vigor 300B versiones anteriores a 1.5.1.3 incluyéndola, en el archivo mainfunction.cgi por medio de un mensaje HTTP diseñado que contiene una cadena de consulta malformada, lo que podría permitir a un usuario remoto malicioso ejecutar código arbitrario", }, ], id: "CVE-2021-42911", lastModified: "2024-11-21T06:28:17.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-29T20:15:07.690", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 17:15
Modified
2024-11-21 04:56
Severity ?
Summary
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11C7526-608D-4C7F-B75D-B7571C4CC6C3", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D22BB1B3-6C91-474A-86E1-F3E8B682A983", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E84F07-5DBA-4D3C-930F-9C3F73C70EA1", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.", }, { lang: "es", value: "El archivo /cgi-bin/activate.cgi en dispositivos Draytek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, permite a atacantes remotos lograr una inyección de comandos por medio de una petición HTTP remota en modo DEBUG.", }, ], id: "CVE-2020-10826", lastModified: "2024-11-21T04:56:09.247", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-26T17:15:23.377", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-30 14:15
Modified
2025-02-06 14:08
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - | |
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - |
{ cisaActionDue: "2024-10-21", cisaExploitAdd: "2024-09-30", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "DrayTek Multiple Vigor Routers OS Command Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D22BB1B3-6C91-474A-86E1-F3E8B682A983", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E84F07-5DBA-4D3C-930F-9C3F73C70EA1", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11C7526-608D-4C7F-B75D-B7571C4CC6C3", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.", }, { lang: "es", value: "En los dispositivos DrayTek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, en el archivo cgi-bin/mainfunction.cgi/cvmcfgupload permite una ejecución de comandos remota por medio de metacaracteres de shell en un nombre de archivo cuando es usado el tipo de contenido text/x-python-script, un problema diferente de CVE-2020-14472", }, ], id: "CVE-2020-15415", lastModified: "2025-02-06T14:08:54.317", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-06-30T14:15:11.953", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/CLP-team/Vigor-Commond-Injection", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/CLP-team/Vigor-Commond-Injection", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 17:15
Modified
2024-11-21 04:56
Severity ?
Summary
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor300b_firmware | * | |
| draytek | vigor300b | - | |
| draytek | vigor3900_firmware | * | |
| draytek | vigor3900 | - | |
| draytek | vigor2960_firmware | * | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C11C7526-608D-4C7F-B75D-B7571C4CC6C3", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D22BB1B3-6C91-474A-86E1-F3E8B682A983", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E84F07-5DBA-4D3C-930F-9C3F73C70EA1", versionEndExcluding: "1.5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.", }, { lang: "es", value: "Un desbordamiento de búfer en la región stack de la memoria en apmd en dispositivos Draytek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, permite a atacantes remotos lograr una ejecución de código por medio de una petición HTTP remota.", }, ], id: "CVE-2020-10827", lastModified: "2024-11-21T04:56:09.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-26T17:15:23.423", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "cve@mitre.org", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-29 20:15
Modified
2024-11-21 06:28
Severity ?
Summary
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor2960_firmware | 1.5.1.3 | |
| draytek | vigor2960 | - | |
| draytek | vigor3900_firmware | 1.5.1.3 | |
| draytek | vigor3900 | - | |
| draytek | vigor300b_firmware | 1.5.1.3 | |
| draytek | vigor300b | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.3:*:*:*:*:*:*:*", matchCriteriaId: "4BBC1422-14DF-4E2F-9384-51734EE980F2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:*", matchCriteriaId: "467D1536-4AB7-47D8-8880-60391A68A457", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:1.5.1.3:*:*:*:*:*:*:*", matchCriteriaId: "559C0B6C-9C54-452E-AE7B-2CDE31B0057B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.", }, { lang: "es", value: "Se presenta una vulnerabilidad de Inyección de Comando Remoto en DrayTek Vigor 2960 versión 1.5.1.3, DrayTek Vigor 3900 versión 1.5.1.3, y DrayTek Vigor 300B versión 1.5.1.3, por medio de un mensaje HTTP diseñado que contiene una cadena de consulta malformada en el archivo mainfunction.cgi, que podría permitir a un usuario remoto malicioso ejecutar código arbitrario", }, ], id: "CVE-2021-43118", lastModified: "2024-11-21T06:28:42.630", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-29T20:15:07.733", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-01 13:15
Modified
2025-02-28 18:05
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor2960_firmware | 1.3.1 | |
| draytek | vigor2960 | - | |
| draytek | vigor300b_firmware | 1.3.3 | |
| draytek | vigor300b_firmware | 1.4.2.1 | |
| draytek | vigor300b_firmware | 1.4.4 | |
| draytek | vigor300b | - | |
| draytek | vigor3900_firmware | 1.4.4 | |
| draytek | vigor3900 | - |
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Multiple DrayTek Vigor Routers Web Management Page Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:*", matchCriteriaId: "A0446969-43B3-46A1-81A2-EBB22EAA3C01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:1.3.3:beta:*:*:*:*:*:*", matchCriteriaId: "6D18DBBE-382C-4047-8E37-95EC99D321A7", vulnerable: true, }, { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1:beta:*:*:*:*:*:*", matchCriteriaId: "ABA6F900-F922-45FB-B7B5-DC558BE1A8ED", vulnerable: true, }, { criteria: "cpe:2.3:o:draytek:vigor300b_firmware:1.4.4:beta:*:*:*:*:*:*", matchCriteriaId: "45DDB337-B522-4ED4-9266-C73882C1A30B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", matchCriteriaId: "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor3900_firmware:1.4.4:beta:*:*:*:*:*:*", matchCriteriaId: "42BB787F-2B02-4AAB-B381-5184B5629B70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", matchCriteriaId: "FEECFBBC-5551-4135-9194-4216A39B04B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.", }, { lang: "es", value: "Los dispositivos DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta y Vigor300B 1.3.3_Beta, 1.4.2.1_Beta y 1.4.4_Beta permiten la ejecución remota de código como root (sin autenticación) a través de metacaracteres de shell al URI cgi-bin / mainfunction.cgi . Este problema se ha solucionado en Vigor3900 / 2960 / 300B v1.5.1.", }, ], id: "CVE-2020-8515", lastModified: "2025-02-28T18:05:08.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-02-01T13:15:12.623", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-24 11:15
Modified
2024-11-21 07:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.221742 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.221742 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.221742 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.221742 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| draytek | vigor2960_firmware | 1.5.1.4 | |
| draytek | vigor2960 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", matchCriteriaId: "564753CE-A701-4D76-94D8-C452AF0C5E82", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", matchCriteriaId: "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cna@vuldb.com", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", }, { lang: "es", value: "Una vulnerabilidad clasificada como problemática se ha encontrado en DrayTek Vigor 2960 1.5.1.4. Afectada es la función sub_1DF14 del archivo /cgi-bin/mainfunction.cgi. La manipulación de la opción de argumento con la entrada /.. /etc/passwd- conduce a la Path Traversal. El ataque debe realizarse dentro de la red local. El exploit ha sido divulgado al público y puede ser utilizado. VDB-221742 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2023-1009", lastModified: "2024-11-21T07:38:16.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-24T11:15:10.997", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", ], url: "https://vuldb.com/?ctiid.221742", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.221742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://vuldb.com/?ctiid.221742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.221742", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "cna@vuldb.com", type: "Primary", }, ], }
cve-2020-14993
Vulnerability from cvelistv5
Published
2020-06-23 11:50
Modified
2024-08-04 13:00
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/dexterone/Vigor-poc | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:00:52.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/dexterone/Vigor-poc", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-24T16:47:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/dexterone/Vigor-poc", }, { tags: [ "x_refsource_MISC", ], url: "https://www.draytek.com/about/security-advisory", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14993", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/dexterone/Vigor-poc", refsource: "MISC", url: "https://github.com/dexterone/Vigor-poc", }, { name: "https://www.draytek.com/about/security-advisory", refsource: "MISC", url: "https://www.draytek.com/about/security-advisory", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14993", datePublished: "2020-06-23T11:50:58", dateReserved: "2020-06-23T00:00:00", dateUpdated: "2024-08-04T13:00:52.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10828
Vulnerability from cvelistv5
Published
2020-03-26 16:05
Modified
2024-12-18 04:55
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://slashd.ga/2020/03/draytek-vulnerabilities/ | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:14:15.595Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-10828", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T04:55:43.736Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-23T11:37:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10828", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://slashd.ga/2020/03/draytek-vulnerabilities/", refsource: "MISC", url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10828", datePublished: "2020-03-26T16:05:21", dateReserved: "2020-03-22T00:00:00", dateUpdated: "2024-12-18T04:55:43.736Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-19664
Vulnerability from cvelistv5
Published
2020-12-31 01:23
Modified
2024-08-04 14:15
Severity ?
EPSS score ?
Summary
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/minghangshen/bug_poc | x_refsource_MISC | |
| https://nosec.org/home/detail/4631.html | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:15:27.923Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/minghangshen/bug_poc", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nosec.org/home/detail/4631.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-08T17:53:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/minghangshen/bug_poc", }, { tags: [ "x_refsource_MISC", ], url: "https://nosec.org/home/detail/4631.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-19664", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/minghangshen/bug_poc", refsource: "MISC", url: "https://github.com/minghangshen/bug_poc", }, { name: "https://nosec.org/home/detail/4631.html", refsource: "MISC", url: "https://nosec.org/home/detail/4631.html", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-19664)/", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-19664)/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-19664", datePublished: "2020-12-31T01:23:10", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:15:27.923Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10825
Vulnerability from cvelistv5
Published
2020-03-26 16:04
Modified
2024-12-18 04:55
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).
References
| ▼ | URL | Tags |
|---|---|---|
| https://slashd.ga/2020/03/draytek-vulnerabilities/ | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:14:15.562Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-10825", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T04:55:39.811Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-23T11:35:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10825", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://slashd.ga/2020/03/draytek-vulnerabilities/", refsource: "MISC", url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10825", datePublished: "2020-03-26T16:04:57", dateReserved: "2020-03-22T00:00:00", dateUpdated: "2024-12-18T04:55:39.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10827
Vulnerability from cvelistv5
Published
2020-03-26 16:05
Modified
2024-12-18 04:55
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://slashd.ga/2020/03/draytek-vulnerabilities/ | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:14:15.586Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-10827", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T04:55:42.507Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-23T11:36:37", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10827", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://slashd.ga/2020/03/draytek-vulnerabilities/", refsource: "MISC", url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10827", datePublished: "2020-03-26T16:05:12", dateReserved: "2020-03-22T00:00:00", dateUpdated: "2024-12-18T04:55:42.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14472
Vulnerability from cvelistv5
Published
2020-06-24 16:51
Modified
2024-08-04 12:46
Severity ?
EPSS score ?
Summary
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240 | x_refsource_MISC | |
| https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-06-24T00:00:00", descriptions: [ { lang: "en", value: "On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-08T19:30:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14472", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240", refsource: "MISC", url: "https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240", }, { name: "https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1", refsource: "MISC", url: "https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14472", datePublished: "2020-06-24T16:51:23", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-08-04T12:46:34.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24229
Vulnerability from cvelistv5
Published
2023-03-15 00:00
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vigor2960_firmware", vendor: "draytek", versions: [ { status: "affected", version: "1.5.1.4", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-24229", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-16T13:44:04.133070Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-16T13:59:50.753Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:49:09.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.draytek.com/", }, { tags: [ "x_transferred", ], url: "https://github.com/sadwwcxz/Vul", }, { tags: [ "x_transferred", ], url: "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul", }, { tags: [ "x_transferred", ], url: "https://www.draytek.co.uk/support/guides/kb-remotemanagement", }, { tags: [ "x_transferred", ], url: "https://www.draytek.com/support/knowledge-base/5465", }, { tags: [ "x_transferred", ], url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-22T19:06:06.237548", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.draytek.com/", }, { url: "https://github.com/sadwwcxz/Vul", }, { url: "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul", }, { url: "https://www.draytek.co.uk/support/guides/kb-remotemanagement", }, { url: "https://www.draytek.com/support/knowledge-base/5465", }, { url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, ], tags: [ "unsupported-when-assigned", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24229", datePublished: "2023-03-15T00:00:00", dateReserved: "2023-01-23T00:00:00", dateUpdated: "2024-08-02T10:49:09.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42911
Vulnerability from cvelistv5
Published
2022-03-29 19:30
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:47:12.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-29T19:30:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-42911", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835", refsource: "MISC", url: "https://gist.github.com/Cossack9989/e9c1c2d2e69b773ca4251acdd77f2835", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-42911", datePublished: "2022-03-29T19:30:16", dateReserved: "2021-10-25T00:00:00", dateUpdated: "2024-08-04T03:47:12.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14473
Vulnerability from cvelistv5
Published
2020-06-24 16:41
Modified
2024-08-04 12:46
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:46:34.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-06-24T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-30T13:03:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14473", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", }, { name: "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md", refsource: "MISC", url: "https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14473", datePublished: "2020-06-24T16:41:51", dateReserved: "2020-06-19T00:00:00", dateUpdated: "2024-08-04T12:46:34.299Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10824
Vulnerability from cvelistv5
Published
2020-03-26 16:04
Modified
2024-12-18 04:55
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).
References
| ▼ | URL | Tags |
|---|---|---|
| https://slashd.ga/2020/03/draytek-vulnerabilities/ | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:14:15.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-10824", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T04:55:38.540Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-23T11:30:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10824", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://slashd.ga/2020/03/draytek-vulnerabilities/", refsource: "MISC", url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10824", datePublished: "2020-03-26T16:04:44", dateReserved: "2020-03-22T00:00:00", dateUpdated: "2024-12-18T04:55:38.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-1009
Vulnerability from cvelistv5
Published
2023-02-24 10:31
Modified
2025-03-11 15:50
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS score ?
Summary
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.221742 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.221742 | signature, permissions-required | |
| https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DrayTek | Vigor 2960 |
Version: 1.5.1.4 Version: 1.5.1.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:32:46.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.221742", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.221742", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1009", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T15:49:59.538312Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T15:50:04.228Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { modules: [ "Web Management Interface", ], product: "Vigor 2960", vendor: "DrayTek", versions: [ { status: "affected", version: "1.5.1.4", }, { status: "affected", version: "1.5.1.5", }, ], }, ], credits: [ { lang: "en", type: "analyst", value: "Tmotfl (VulDB User)", }, ], descriptions: [ { lang: "en", value: "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", }, { lang: "de", value: "Es wurde eine kritische Schwachstelle in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 entdeckt. Es geht dabei um die Funktion sub_1DF14 der Datei /cgi-bin/mainfunction.cgi der Komponente Web Management Interface. Durch Manipulation des Arguments option mit der Eingabe /../etc/passwd- mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Path Traversal", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-22T20:43:41.869Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.221742", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.221742", }, { tags: [ "exploit", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", }, ], tags: [ "unsupported-when-assigned", ], timeline: [ { lang: "en", time: "2023-02-18T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2023-02-18T00:00:00.000Z", value: "Exploit disclosed", }, { lang: "en", time: "2023-02-24T00:00:00.000Z", value: "CVE reserved", }, { lang: "en", time: "2023-02-24T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2023-11-22T21:47:58.000Z", value: "VulDB entry last update", }, ], title: "DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2023-1009", datePublished: "2023-02-24T10:31:15.666Z", dateReserved: "2023-02-24T10:29:42.964Z", dateUpdated: "2025-03-11T15:50:04.228Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6265
Vulnerability from cvelistv5
Published
2023-11-22 19:47
Modified
2024-08-02 08:28
Severity ?
EPSS score ?
Summary
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:28:20.179Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "exploit", "x_transferred", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md", }, { tags: [ "product", "x_transferred", ], url: "https://www.draytek.com/products/vigor2960/", }, { tags: [ "product", "x_transferred", ], url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Vigor2960", vendor: "DrayTek", versions: [ { status: "affected", version: "1.5.1.4", }, { status: "affected", version: "1.5.1.5", }, ], }, ], datePublic: "2023-02-25T05:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.", }, ], value: "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Path Traversal", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-19T21:00:05.632Z", orgId: "9119a7d8-5eab-497f-8521-727c672e3725", shortName: "cisa-cg", }, references: [ { tags: [ "exploit", ], url: "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md", }, { tags: [ "product", ], url: "https://www.draytek.com/products/vigor2960/", }, { tags: [ "product", ], url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, ], source: { discovery: "EXTERNAL", }, tags: [ "unsupported-when-assigned", ], title: "DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9119a7d8-5eab-497f-8521-727c672e3725", assignerShortName: "cisa-cg", cveId: "CVE-2023-6265", datePublished: "2023-11-22T19:47:07.692Z", dateReserved: "2023-11-22T19:31:54.376Z", dateUpdated: "2024-08-02T08:28:20.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8515
Vulnerability from cvelistv5
Published
2020-02-01 12:36
Modified
2025-02-04 20:24
Severity ?
EPSS score ?
Summary
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:03:46.168Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-8515", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:20:12.502737Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8515", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:24:54.892Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-31T16:06:04.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-8515", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", refsource: "MISC", url: "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/", refsource: "MISC", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/", }, { name: "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-8515", datePublished: "2020-02-01T12:36:59.000Z", dateReserved: "2020-02-01T00:00:00.000Z", dateUpdated: "2025-02-04T20:24:54.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10826
Vulnerability from cvelistv5
Published
2020-03-26 16:05
Modified
2024-12-18 04:55
Severity ?
EPSS score ?
Summary
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.
References
| ▼ | URL | Tags |
|---|---|---|
| https://slashd.ga/2020/03/draytek-vulnerabilities/ | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:14:15.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-10826", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T04:55:41.061Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-23T11:36:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10826", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://slashd.ga/2020/03/draytek-vulnerabilities/", refsource: "MISC", url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10826", datePublished: "2020-03-26T16:05:03", dateReserved: "2020-03-22T00:00:00", dateUpdated: "2024-12-18T04:55:41.061Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10823
Vulnerability from cvelistv5
Published
2020-03-26 16:04
Modified
2024-12-18 04:55
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
References
| ▼ | URL | Tags |
|---|---|---|
| https://slashd.ga/2020/03/draytek-vulnerabilities/ | x_refsource_MISC | |
| https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:14:15.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-10823", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T04:55:37.275Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-23T11:29:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10823", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://slashd.ga/2020/03/draytek-vulnerabilities/", refsource: "MISC", url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { name: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", refsource: "CONFIRM", url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10823", datePublished: "2020-03-26T16:04:38", dateReserved: "2020-03-22T00:00:00", dateUpdated: "2024-12-18T04:55:37.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15415
Vulnerability from cvelistv5
Published
2020-06-30 13:37
Modified
2024-10-04 13:28
Severity ?
EPSS score ?
Summary
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.draytek.com/about/security-advisory | x_refsource_MISC | |
| https://github.com/CLP-team/Vigor-Commond-Injection | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:15:20.528Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.draytek.com/about/security-advisory", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/CLP-team/Vigor-Commond-Injection", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vigor3900_firmware", vendor: "draytek", versions: [ { lessThan: "1.5.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vigor2960_firmware", vendor: "draytek", versions: [ { lessThan: "1.5.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vigor300b_firmware", vendor: "draytek", versions: [ { lessThan: "1.5.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { dateAdded: "2024-09-30", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, { other: { content: { id: "CVE-2020-15415", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:26:07.263404Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-04T13:28:53.824Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-30T13:37:56", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.draytek.com/about/security-advisory", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/CLP-team/Vigor-Commond-Injection", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15415", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.draytek.com/about/security-advisory", refsource: "MISC", url: "https://www.draytek.com/about/security-advisory", }, { name: "https://github.com/CLP-team/Vigor-Commond-Injection", refsource: "MISC", url: "https://github.com/CLP-team/Vigor-Commond-Injection", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15415", datePublished: "2020-06-30T13:37:56", dateReserved: "2020-06-30T00:00:00", dateUpdated: "2024-10-04T13:28:53.824Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43118
Vulnerability from cvelistv5
Published
2022-03-29 19:37
Modified
2024-08-04 03:47
Severity ?
EPSS score ?
Summary
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:47:13.571Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-29T19:37:57", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-43118", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26", refsource: "MISC", url: "https://gist.github.com/Cossack9989/6034c077f46e4f06d0992e9f2fae7f26", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-43118", datePublished: "2022-03-29T19:37:57", dateReserved: "2021-11-01T00:00:00", dateUpdated: "2024-08-04T03:47:13.571Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12986
Vulnerability from cvelistv5
Published
2024-12-27 15:31
Modified
2024-12-30 14:38
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.289379 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.289379 | signature, permissions-required | |
| https://vuldb.com/?submit.468794 | third-party-advisory | |
| https://netsecfish.notion.site/Command-Injection-in-apmcfgupptim-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c80b9ad8cc37b93273bf6?pvs=4 | exploit |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12986", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-30T14:38:09.100530Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-30T14:38:15.129Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://netsecfish.notion.site/Command-Injection-in-apmcfgupptim-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c80b9ad8cc37b93273bf6", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { modules: [ "Web Management Interface", ], product: "Vigor2960", vendor: "DrayTek", versions: [ { status: "affected", version: "1.5.1.3", }, { status: "affected", version: "1.5.1.4", }, ], }, { modules: [ "Web Management Interface", ], product: "Vigor300B", vendor: "DrayTek", versions: [ { status: "affected", version: "1.5.1.3", }, { status: "affected", version: "1.5.1.4", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "netsecfish (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.", }, { lang: "de", value: "Eine Schwachstelle wurde in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /cgi-bin/mainfunction.cgi/apmcfgupptim der Komponente Web Management Interface. Mit der Manipulation des Arguments session mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.5.1.5 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.", }, ], metrics: [ { cvssV4_0: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 7.5, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "OS Command Injection", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-77", description: "Command Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-27T15:31:05.003Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-289379 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.289379", }, { name: "VDB-289379 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.289379", }, { name: "Submit #468794 | DrayTek Vigor2960, Vigor300B Software Version: 1.5.1.3, 1.5.1.4 Command Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.468794", }, { tags: [ "exploit", ], url: "https://netsecfish.notion.site/Command-Injection-in-apmcfgupptim-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c80b9ad8cc37b93273bf6?pvs=4", }, ], timeline: [ { lang: "en", time: "2024-12-27T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-12-27T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-12-27T09:08:58.000Z", value: "VulDB entry last update", }, ], title: "DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-12986", datePublished: "2024-12-27T15:31:05.003Z", dateReserved: "2024-12-27T08:03:50.840Z", dateUpdated: "2024-12-30T14:38:15.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-12987
Vulnerability from cvelistv5
Published
2024-12-27 16:00
Modified
2024-12-27 20:46
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.289380 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.289380 | signature, permissions-required | |
| https://vuldb.com/?submit.468795 | third-party-advisory | |
| https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f?pvs=4 | exploit |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-12987", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-27T20:45:58.821447Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-27T20:46:29.584Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { modules: [ "Web Management Interface", ], product: "Vigor2960", vendor: "DrayTek", versions: [ { status: "affected", version: "1.5.1.4", }, ], }, { modules: [ "Web Management Interface", ], product: "Vigor300B", vendor: "DrayTek", versions: [ { status: "affected", version: "1.5.1.4", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "netsecfish (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component.", }, { lang: "de", value: "Es wurde eine Schwachstelle in DrayTek Vigor2960 and Vigor300B 1.5.1.4 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /cgi-bin/mainfunction.cgi/apmcfgupload der Komponente Web Management Interface. Durch die Manipulation des Arguments session mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.5.1.5 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.", }, ], metrics: [ { cvssV4_0: { baseScore: 6.9, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { cvssV3_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, { cvssV2_0: { baseScore: 7.5, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "OS Command Injection", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-77", description: "Command Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-27T16:00:13.600Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-289380 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.289380", }, { name: "VDB-289380 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.289380", }, { name: "Submit #468795 | DrayTek Vigor2960, Vigor300B 1.5.1.4 Command Injection", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.468795", }, { tags: [ "exploit", ], url: "https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f?pvs=4", }, ], timeline: [ { lang: "en", time: "2024-12-27T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-12-27T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-12-27T09:09:00.000Z", value: "VulDB entry last update", }, ], title: "DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-12987", datePublished: "2024-12-27T16:00:13.600Z", dateReserved: "2024-12-27T08:03:52.921Z", dateUpdated: "2024-12-27T20:46:29.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202012-0268
Vulnerability from variot
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. DrayTek Vigor2960 Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0268", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor2960", scope: "lte", trust: 1, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "vigor2960 firmware 1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, { db: "NVD", id: "CVE-2020-19664", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-19664", }, ], }, cve: "CVE-2020-19664", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2020-19664", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2020-19664", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-19664", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202012-1919", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, { db: "NVD", id: "CVE-2020-19664", }, { db: "CNNVD", id: "CNNVD-202012-1919", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. DrayTek Vigor2960 Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state", sources: [ { db: "NVD", id: "CVE-2020-19664", }, { db: "JVNDB", id: "JVNDB-2020-015051", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-19664", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2020-015051", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202012-1919", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, { db: "NVD", id: "CVE-2020-19664", }, { db: "CNNVD", id: "CNNVD-202012-1919", }, ], }, id: "VAR-202012-0268", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.59962404, }, last_update_date: "2023-12-18T13:47:19.941000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Vigor3900 / Vigor2960 / Vigor300B Remote code injection/execution Vulnerability (CVE-2020-19664)", trust: 0.8, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-19664)/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "OS Command injection (CWE-78) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, { db: "NVD", id: "CVE-2020-19664", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://github.com/minghangshen/bug_poc", }, { trust: 1.6, url: "https://nosec.org/home/detail/4631.html", }, { trust: 1, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2020-19664", }, { trust: 0.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-19664)/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, { db: "NVD", id: "CVE-2020-19664", }, { db: "CNNVD", id: "CNNVD-202012-1919", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, { db: "NVD", id: "CVE-2020-19664", }, { db: "CNNVD", id: "CNNVD-202012-1919", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-08T00:00:00", db: "JVNDB", id: "JVNDB-2020-015051", }, { date: "2020-12-31T02:15:12.510000", db: "NVD", id: "CVE-2020-19664", }, { date: "2020-12-31T00:00:00", db: "CNNVD", id: "CNNVD-202012-1919", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-09-08T09:14:00", db: "JVNDB", id: "JVNDB-2020-015051", }, { date: "2023-11-07T03:19:18.223000", db: "NVD", id: "CVE-2020-19664", }, { date: "2021-02-26T00:00:00", db: "CNNVD", id: "CNNVD-202012-1919", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202012-1919", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DrayTek Vigor2960 In OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2020-015051", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "parameter injection", sources: [ { db: "CNNVD", id: "CNNVD-202012-1919", }, ], trust: 0.6, }, }
var-202203-1598
Vulnerability from variot
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. DrayTek Corporation of Vigor2960 firmware, Vigor3900 firmware, Vigor300b A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DrayTek Vigor is a router
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1598", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor300b", scope: "lte", trust: 1, vendor: "draytek", version: "1.5.1.3", }, { model: "vigor3900", scope: "lte", trust: 1, vendor: "draytek", version: "1.5.1.3", }, { model: "vigor2960", scope: "lte", trust: 1, vendor: "draytek", version: "1.5.1.3", }, { model: "vigor3900", scope: null, trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor2960", scope: null, trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor300b", scope: null, trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor2960", scope: "lte", trust: 0.6, vendor: "draytek", version: "<=1.5.1.3", }, { model: "vigor300b", scope: "lte", trust: 0.6, vendor: "draytek", version: "<=1.5.1.3", }, { model: "vigor3900", scope: "lte", trust: 0.6, vendor: "draytek", version: "<=1.5.1.3", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31820", }, { db: "JVNDB", id: "JVNDB-2021-019130", }, { db: "NVD", id: "CVE-2021-42911", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.1.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.1.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.1.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-42911", }, ], }, cve: "CVE-2021-42911", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-42911", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2022-31820", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-42911", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-42911", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-31820", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202203-2507", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31820", }, { db: "JVNDB", id: "JVNDB-2021-019130", }, { db: "NVD", id: "CVE-2021-42911", }, { db: "CNNVD", id: "CNNVD-202203-2507", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. DrayTek Corporation of Vigor2960 firmware, Vigor3900 firmware, Vigor300b A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DrayTek Vigor is a router", sources: [ { db: "NVD", id: "CVE-2021-42911", }, { db: "JVNDB", id: "JVNDB-2021-019130", }, { db: "CNVD", id: "CNVD-2022-31820", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-42911", trust: 3.8, }, { db: "JVNDB", id: "JVNDB-2021-019130", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-31820", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2507", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31820", }, { db: "JVNDB", id: "JVNDB-2021-019130", }, { db: "NVD", id: "CVE-2021-42911", }, { db: "CNNVD", id: "CNNVD-202203-2507", }, ], }, id: "VAR-202203-1598", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-31820", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31820", }, ], }, last_update_date: "2023-12-18T13:32:15.354000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for DrayTek Vigor Format String Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/330826", }, { title: "Draytek Fixes for formatting string errors in various products", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=187839", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31820", }, { db: "CNNVD", id: "CNNVD-202203-2507", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-134", trust: 1, }, { problemtype: "Format string problem (CWE-134) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-019130", }, { db: "NVD", id: "CVE-2021-42911", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://gist.github.com/cossack9989/e9c1c2d2e69b773ca4251acdd77f2835", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42911", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2021-42911/", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31820", }, { db: "JVNDB", id: "JVNDB-2021-019130", }, { db: "NVD", id: "CVE-2021-42911", }, { db: "CNNVD", id: "CNNVD-202203-2507", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-31820", }, { db: "JVNDB", id: "JVNDB-2021-019130", }, { db: "NVD", id: "CVE-2021-42911", }, { db: "CNNVD", id: "CNNVD-202203-2507", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-24T00:00:00", db: "CNVD", id: "CNVD-2022-31820", }, { date: "2023-07-18T00:00:00", db: "JVNDB", id: "JVNDB-2021-019130", }, { date: "2022-03-29T20:15:07.690000", db: "NVD", id: "CVE-2021-42911", }, { date: "2022-03-29T00:00:00", db: "CNNVD", id: "CNNVD-202203-2507", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-24T00:00:00", db: "CNVD", id: "CNVD-2022-31820", }, { date: "2023-07-18T08:33:00", db: "JVNDB", id: "JVNDB-2021-019130", }, { date: "2022-04-05T18:20:46.887000", db: "NVD", id: "CVE-2021-42911", }, { date: "2022-04-06T00:00:00", db: "CNNVD", id: "CNNVD-202203-2507", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202203-2507", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural DrayTek Corporation Product Format String Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-019130", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "format string error", sources: [ { db: "CNNVD", id: "CNNVD-202203-2507", }, ], trust: 0.6, }, }
var-202303-1193
Vulnerability from variot
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DrayTek Corporation of Vigor2960 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-1193", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor2960", scope: "eq", trust: 1, vendor: "draytek", version: "1.5.1.4", }, { model: "vigor2960", scope: null, trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "vigor2960 firmware 1.5.1.4", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005276", }, { db: "NVD", id: "CVE-2023-24229", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-24229", }, ], }, cve: "CVE-2023-24229", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-24229", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-24229", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202303-1259", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005276", }, { db: "CNNVD", id: "CNNVD-202303-1259", }, { db: "NVD", id: "CVE-2023-24229", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DrayTek Corporation of Vigor2960 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-24229", }, { db: "JVNDB", id: "JVNDB-2023-005276", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-24229", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2023-005276", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202303-1259", trust: 0.6, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005276", }, { db: "CNNVD", id: "CNNVD-202303-1259", }, { db: "NVD", id: "CVE-2023-24229", }, ], }, id: "VAR-202303-1193", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.59962404, }, last_update_date: "2024-05-17T22:53:23.590000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005276", }, { db: "NVD", id: "CVE-2023-24229", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.draytek.com/", }, { trust: 1.6, url: "https://github.com/sadwwcxz/vul", }, { trust: 1, url: "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/vul", }, { trust: 1, url: "https://www.draytek.co.uk/support/guides/kb-remotemanagement", }, { trust: 1, url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, { trust: 1, url: "https://www.draytek.com/support/knowledge-base/5465", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-24229", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-24229/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-005276", }, { db: "CNNVD", id: "CNNVD-202303-1259", }, { db: "NVD", id: "CVE-2023-24229", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2023-005276", }, { db: "CNNVD", id: "CNNVD-202303-1259", }, { db: "NVD", id: "CVE-2023-24229", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "JVNDB", id: "JVNDB-2023-005276", }, { date: "2023-03-15T00:00:00", db: "CNNVD", id: "CNNVD-202303-1259", }, { date: "2023-03-15T18:15:10.460000", db: "NVD", id: "CVE-2023-24229", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T06:03:00", db: "JVNDB", id: "JVNDB-2023-005276", }, { date: "2023-03-21T00:00:00", db: "CNNVD", id: "CNNVD-202303-1259", }, { date: "2024-05-17T02:20:16.230000", db: "NVD", id: "CVE-2023-24229", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202303-1259", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DrayTek Corporation of Vigor2960 Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-005276", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202303-1259", }, ], trust: 0.6, }, }
var-202003-0306
Vulnerability from variot
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0306", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29578", }, { db: "JVNDB", id: "JVNDB-2020-003500", }, { db: "NVD", id: "CVE-2020-10823", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10823", }, ], }, cve: "CVE-2020-10823", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-003500", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-29578", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-003500", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10823", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-003500", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-29578", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202003-1634", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29578", }, { db: "JVNDB", id: "JVNDB-2020-003500", }, { db: "NVD", id: "CVE-2020-10823", }, { db: "CNNVD", id: "CNNVD-202003-1634", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. \n\r\n\r\nThere is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary", sources: [ { db: "NVD", id: "CVE-2020-10823", }, { db: "JVNDB", id: "JVNDB-2020-003500", }, { db: "CNVD", id: "CNVD-2020-29578", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10823", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-003500", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-29578", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-1634", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29578", }, { db: "JVNDB", id: "JVNDB-2020-003500", }, { db: "NVD", id: "CVE-2020-10823", }, { db: "CNNVD", id: "CNNVD-202003-1634", }, ], }, id: "VAR-202003-0306", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-29578", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29578", }, ], }, last_update_date: "2023-12-18T13:56:21.770000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Vigor3900 / Vigor2960 / Vigor300B Stack-based buffer overflow Vulnerability (CVE-2020-10823 ~ CVE-2020-10828)", trust: 0.8, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003500", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003500", }, { db: "NVD", id: "CVE-2020-10823", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10823", }, { trust: 1.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10823", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29578", }, { db: "JVNDB", id: "JVNDB-2020-003500", }, { db: "NVD", id: "CVE-2020-10823", }, { db: "CNNVD", id: "CNNVD-202003-1634", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-29578", }, { db: "JVNDB", id: "JVNDB-2020-003500", }, { db: "NVD", id: "CVE-2020-10823", }, { db: "CNNVD", id: "CNNVD-202003-1634", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29578", }, { date: "2020-04-17T00:00:00", db: "JVNDB", id: "JVNDB-2020-003500", }, { date: "2020-03-26T17:15:23.203000", db: "NVD", id: "CVE-2020-10823", }, { date: "2020-03-26T00:00:00", db: "CNNVD", id: "CNNVD-202003-1634", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29578", }, { date: "2020-04-17T00:00:00", db: "JVNDB", id: "JVNDB-2020-003500", }, { date: "2020-06-23T12:15:12.173000", db: "NVD", id: "CVE-2020-10823", }, { date: "2020-06-24T00:00:00", db: "CNNVD", id: "CNNVD-202003-1634", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202003-1634", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural DrayTek Out-of-bounds write vulnerabilities in product devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-003500", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202003-1634", }, ], trust: 0.6, }, }
var-202003-0308
Vulnerability from variot
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary. A remote attacker can use the specially crafted HTTP request to exploit this vulnerability to execute arbitrary code on the system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0308", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29580", }, { db: "JVNDB", id: "JVNDB-2020-003409", }, { db: "NVD", id: "CVE-2020-10825", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10825", }, ], }, cve: "CVE-2020-10825", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-003409", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-29580", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-003409", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10825", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-003409", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-29580", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202003-1636", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29580", }, { db: "JVNDB", id: "JVNDB-2020-003409", }, { db: "NVD", id: "CVE-2020-10825", }, { db: "CNNVD", id: "CNNVD-202003-1636", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. \n\r\n\r\nThere is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary. A remote attacker can use the specially crafted HTTP request to exploit this vulnerability to execute arbitrary code on the system", sources: [ { db: "NVD", id: "CVE-2020-10825", }, { db: "JVNDB", id: "JVNDB-2020-003409", }, { db: "CNVD", id: "CNVD-2020-29580", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10825", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-003409", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-29580", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-1636", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29580", }, { db: "JVNDB", id: "JVNDB-2020-003409", }, { db: "NVD", id: "CVE-2020-10825", }, { db: "CNNVD", id: "CNNVD-202003-1636", }, ], }, id: "VAR-202003-0308", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-29580", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29580", }, ], }, last_update_date: "2023-12-18T13:51:58.956000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.draytek.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003409", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003409", }, { db: "NVD", id: "CVE-2020-10825", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10825", }, { trust: 1.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10825", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29580", }, { db: "JVNDB", id: "JVNDB-2020-003409", }, { db: "NVD", id: "CVE-2020-10825", }, { db: "CNNVD", id: "CNNVD-202003-1636", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-29580", }, { db: "JVNDB", id: "JVNDB-2020-003409", }, { db: "NVD", id: "CVE-2020-10825", }, { db: "CNNVD", id: "CNNVD-202003-1636", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29580", }, { date: "2020-04-16T00:00:00", db: "JVNDB", id: "JVNDB-2020-003409", }, { date: "2020-03-26T17:15:23.313000", db: "NVD", id: "CVE-2020-10825", }, { date: "2020-03-26T00:00:00", db: "CNNVD", id: "CNNVD-202003-1636", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29580", }, { date: "2020-04-16T00:00:00", db: "JVNDB", id: "JVNDB-2020-003409", }, { date: "2020-06-23T12:15:12.657000", db: "NVD", id: "CVE-2020-10825", }, { date: "2020-06-24T00:00:00", db: "CNNVD", id: "CNNVD-202003-1636", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202003-1636", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Draytek Out-of-bounds write vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2020-003409", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202003-1636", }, ], trust: 0.6, }, }
var-202003-0310
Vulnerability from variot
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1, and Vigor300B versions prior to 1.5.1 have buffer overflow vulnerabilities. This vulnerability stems from the program's failure to correctly check the boundary
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0310", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29582", }, { db: "JVNDB", id: "JVNDB-2020-003402", }, { db: "NVD", id: "CVE-2020-10827", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10827", }, ], }, cve: "CVE-2020-10827", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-003402", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-29582", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-003402", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10827", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-003402", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-29582", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202003-1638", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29582", }, { db: "JVNDB", id: "JVNDB-2020-003402", }, { db: "NVD", id: "CVE-2020-10827", }, { db: "CNNVD", id: "CNNVD-202003-1638", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. \n\r\n\r\nDraytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1, and Vigor300B versions prior to 1.5.1 have buffer overflow vulnerabilities. This vulnerability stems from the program's failure to correctly check the boundary", sources: [ { db: "NVD", id: "CVE-2020-10827", }, { db: "JVNDB", id: "JVNDB-2020-003402", }, { db: "CNVD", id: "CNVD-2020-29582", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10827", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-003402", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-29582", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-1638", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29582", }, { db: "JVNDB", id: "JVNDB-2020-003402", }, { db: "NVD", id: "CVE-2020-10827", }, { db: "CNNVD", id: "CNNVD-202003-1638", }, ], }, id: "VAR-202003-0310", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-29582", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29582", }, ], }, last_update_date: "2023-12-18T13:33:10.576000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.draytek.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003402", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003402", }, { db: "NVD", id: "CVE-2020-10827", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10827", }, { trust: 1.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10827", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29582", }, { db: "JVNDB", id: "JVNDB-2020-003402", }, { db: "NVD", id: "CVE-2020-10827", }, { db: "CNNVD", id: "CNNVD-202003-1638", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-29582", }, { db: "JVNDB", id: "JVNDB-2020-003402", }, { db: "NVD", id: "CVE-2020-10827", }, { db: "CNNVD", id: "CNNVD-202003-1638", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29582", }, { date: "2020-04-15T00:00:00", db: "JVNDB", id: "JVNDB-2020-003402", }, { date: "2020-03-26T17:15:23.423000", db: "NVD", id: "CVE-2020-10827", }, { date: "2020-03-26T00:00:00", db: "CNNVD", id: "CNNVD-202003-1638", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29582", }, { date: "2020-04-15T00:00:00", db: "JVNDB", id: "JVNDB-2020-003402", }, { date: "2020-06-23T12:15:13.127000", db: "NVD", id: "CVE-2020-10827", }, { date: "2020-06-24T00:00:00", db: "CNNVD", id: "CNNVD-202003-1638", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202003-1638", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Draytek Out-of-bounds write vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2020-003402", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202003-1638", }, ], trust: 0.6, }, }
var-202105-1687
Vulnerability from variot
Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device.
DrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1687", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor2960", scope: "eq", trust: 0.6, vendor: "draytek", version: "1.5.1.2", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], }, cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2021-28718", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:H/Au:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "CNVD", id: "CNVD-2021-28718", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device.\n\r\n\r\nDrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.", sources: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], trust: 0.6, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CNVD", id: "CNVD-2021-28718", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], }, id: "VAR-202105-1687", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], trust: 1.2472222, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], }, last_update_date: "2022-05-04T09:02:09.235000Z", sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-05-29T00:00:00", db: "CNVD", id: "CNVD-2021-28718", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-05-07T00:00:00", db: "CNVD", id: "CNVD-2021-28718", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Command execution vulnerability exists in DrayTek Vigor2960 (CNVD-2021-28718)", sources: [ { db: "CNVD", id: "CNVD-2021-28718", }, ], trust: 0.6, }, }
var-202003-0309
Vulnerability from variot
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. Draytek Vigor3900 , Vigor2960 , Vigor300B On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a security vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 before 1.5.1, Vigor2960 before 1.5.1, and Vigor300B before 1.5.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0309", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29581", }, { db: "JVNDB", id: "JVNDB-2020-003410", }, { db: "NVD", id: "CVE-2020-10826", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10826", }, ], }, cve: "CVE-2020-10826", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "JVNDB-2020-003410", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2020-29581", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-003410", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10826", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-003410", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-29581", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202003-1637", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29581", }, { db: "JVNDB", id: "JVNDB-2020-003410", }, { db: "NVD", id: "CVE-2020-10826", }, { db: "CNNVD", id: "CNNVD-202003-1637", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. Draytek Vigor3900 , Vigor2960 , Vigor300B On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. \n\r\n\r\nThere is a security vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 before 1.5.1, Vigor2960 before 1.5.1, and Vigor300B before 1.5.1", sources: [ { db: "NVD", id: "CVE-2020-10826", }, { db: "JVNDB", id: "JVNDB-2020-003410", }, { db: "CNVD", id: "CNVD-2020-29581", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10826", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-003410", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-29581", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-1637", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29581", }, { db: "JVNDB", id: "JVNDB-2020-003410", }, { db: "NVD", id: "CVE-2020-10826", }, { db: "CNNVD", id: "CNNVD-202003-1637", }, ], }, id: "VAR-202003-0309", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-29581", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29581", }, ], }, last_update_date: "2023-12-18T13:43:02.349000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.draytek.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003410", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-78", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003410", }, { db: "NVD", id: "CVE-2020-10826", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10826", }, { trust: 1.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10826", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29581", }, { db: "JVNDB", id: "JVNDB-2020-003410", }, { db: "NVD", id: "CVE-2020-10826", }, { db: "CNNVD", id: "CNNVD-202003-1637", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-29581", }, { db: "JVNDB", id: "JVNDB-2020-003410", }, { db: "NVD", id: "CVE-2020-10826", }, { db: "CNNVD", id: "CNNVD-202003-1637", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29581", }, { date: "2020-04-16T00:00:00", db: "JVNDB", id: "JVNDB-2020-003410", }, { date: "2020-03-26T17:15:23.377000", db: "NVD", id: "CVE-2020-10826", }, { date: "2020-03-26T00:00:00", db: "CNNVD", id: "CNNVD-202003-1637", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29581", }, { date: "2020-04-16T00:00:00", db: "JVNDB", id: "JVNDB-2020-003410", }, { date: "2022-04-22T19:06:55.360000", db: "NVD", id: "CVE-2020-10826", }, { date: "2022-04-24T00:00:00", db: "CNNVD", id: "CNNVD-202003-1637", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202003-1637", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Draytek In the product OS Command injection vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2020-003410", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202003-1637", }, ], trust: 0.6, }, }
var-202003-0311
Vulnerability from variot
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1 have buffer overflow vulnerabilities, which stems from the program's failure to correctly check the boundary
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0311", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29583", }, { db: "JVNDB", id: "JVNDB-2020-003403", }, { db: "NVD", id: "CVE-2020-10828", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10828", }, ], }, cve: "CVE-2020-10828", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-003403", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-29583", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-003403", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10828", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-003403", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-29583", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202003-1639", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29583", }, { db: "JVNDB", id: "JVNDB-2020-003403", }, { db: "NVD", id: "CVE-2020-10828", }, { db: "CNNVD", id: "CNNVD-202003-1639", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. \n\r\n\r\nDraytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1 have buffer overflow vulnerabilities, which stems from the program's failure to correctly check the boundary", sources: [ { db: "NVD", id: "CVE-2020-10828", }, { db: "JVNDB", id: "JVNDB-2020-003403", }, { db: "CNVD", id: "CNVD-2020-29583", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10828", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-003403", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-29583", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-1639", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29583", }, { db: "JVNDB", id: "JVNDB-2020-003403", }, { db: "NVD", id: "CVE-2020-10828", }, { db: "CNNVD", id: "CNNVD-202003-1639", }, ], }, id: "VAR-202003-0311", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-29583", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29583", }, ], }, last_update_date: "2023-12-18T12:35:44.003000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.draytek.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003403", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003403", }, { db: "NVD", id: "CVE-2020-10828", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10828", }, { trust: 1.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10828", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29583", }, { db: "JVNDB", id: "JVNDB-2020-003403", }, { db: "NVD", id: "CVE-2020-10828", }, { db: "CNNVD", id: "CNNVD-202003-1639", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-29583", }, { db: "JVNDB", id: "JVNDB-2020-003403", }, { db: "NVD", id: "CVE-2020-10828", }, { db: "CNNVD", id: "CNNVD-202003-1639", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29583", }, { date: "2020-04-15T00:00:00", db: "JVNDB", id: "JVNDB-2020-003403", }, { date: "2020-03-26T17:15:23.487000", db: "NVD", id: "CVE-2020-10828", }, { date: "2020-03-26T00:00:00", db: "CNNVD", id: "CNNVD-202003-1639", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29583", }, { date: "2020-04-15T00:00:00", db: "JVNDB", id: "JVNDB-2020-003403", }, { date: "2020-06-23T12:15:13.300000", db: "NVD", id: "CVE-2020-10828", }, { date: "2020-06-24T00:00:00", db: "CNNVD", id: "CNNVD-202003-1639", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202003-1639", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Draytek Out-of-bounds write vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2020-003403", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202003-1639", }, ], trust: 0.6, }, }
var-202003-0307
Vulnerability from variot
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0307", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29579", }, { db: "JVNDB", id: "JVNDB-2020-003408", }, { db: "NVD", id: "CVE-2020-10824", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-10824", }, ], }, cve: "CVE-2020-10824", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-003408", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-29579", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-003408", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-10824", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-003408", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-29579", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202003-1635", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29579", }, { db: "JVNDB", id: "JVNDB-2020-003408", }, { db: "NVD", id: "CVE-2020-10824", }, { db: "CNNVD", id: "CNNVD-202003-1635", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. \n\r\n\r\nThere is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary", sources: [ { db: "NVD", id: "CVE-2020-10824", }, { db: "JVNDB", id: "JVNDB-2020-003408", }, { db: "CNVD", id: "CNVD-2020-29579", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10824", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-003408", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-29579", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202003-1635", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29579", }, { db: "JVNDB", id: "JVNDB-2020-003408", }, { db: "NVD", id: "CVE-2020-10824", }, { db: "CNNVD", id: "CNNVD-202003-1635", }, ], }, id: "VAR-202003-0307", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-29579", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29579", }, ], }, last_update_date: "2023-12-18T13:47:38.802000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.draytek.com/", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003408", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-003408", }, { db: "NVD", id: "CVE-2020-10824", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://slashd.ga/2020/03/draytek-vulnerabilities/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10824", }, { trust: 1.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10824", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-29579", }, { db: "JVNDB", id: "JVNDB-2020-003408", }, { db: "NVD", id: "CVE-2020-10824", }, { db: "CNNVD", id: "CNNVD-202003-1635", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-29579", }, { db: "JVNDB", id: "JVNDB-2020-003408", }, { db: "NVD", id: "CVE-2020-10824", }, { db: "CNNVD", id: "CNNVD-202003-1635", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29579", }, { date: "2020-04-16T00:00:00", db: "JVNDB", id: "JVNDB-2020-003408", }, { date: "2020-03-26T17:15:23.250000", db: "NVD", id: "CVE-2020-10824", }, { date: "2020-03-26T00:00:00", db: "CNNVD", id: "CNNVD-202003-1635", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-23T00:00:00", db: "CNVD", id: "CNVD-2020-29579", }, { date: "2020-04-16T00:00:00", db: "JVNDB", id: "JVNDB-2020-003408", }, { date: "2020-06-23T12:15:12.503000", db: "NVD", id: "CVE-2020-10824", }, { date: "2020-06-24T00:00:00", db: "CNNVD", id: "CNNVD-202003-1635", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202003-1635", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Draytek Out-of-bounds write vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2020-003408", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202003-1635", }, ], trust: 0.6, }, }
var-202006-1005
Vulnerability from variot
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. Draytek Vigor2960 , Vigor3900 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in DrayTek Vigor2960, Vigor3900 and Vigor300B versions before 1.5.1.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1005", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21944", }, { db: "JVNDB", id: "JVNDB-2020-007077", }, { db: "NVD", id: "CVE-2020-14993", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-14993", }, ], }, cve: "CVE-2020-14993", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-007077", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2021-21944", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-007077", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-14993", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-007077", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2021-21944", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202006-1596", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21944", }, { db: "JVNDB", id: "JVNDB-2020-007077", }, { db: "NVD", id: "CVE-2020-14993", }, { db: "CNNVD", id: "CNNVD-202006-1596", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. Draytek Vigor2960 , Vigor3900 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. \n\r\n\r\nThere is a buffer overflow vulnerability in DrayTek Vigor2960, Vigor3900 and Vigor300B versions before 1.5.1.1", sources: [ { db: "NVD", id: "CVE-2020-14993", }, { db: "JVNDB", id: "JVNDB-2020-007077", }, { db: "CNVD", id: "CNVD-2021-21944", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-14993", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-007077", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-21944", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-1596", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21944", }, { db: "JVNDB", id: "JVNDB-2020-007077", }, { db: "NVD", id: "CVE-2020-14993", }, { db: "CNNVD", id: "CNNVD-202006-1596", }, ], }, id: "VAR-202006-1005", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-21944", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21944", }, ], }, last_update_date: "2023-12-18T13:42:53.946000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Vigor3900 / Vigor2960 / Vigor300B Stack-based buffer overflow Vulnerability (CVE-2020-14473 / CVE-2020-14993)", trust: 0.8, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", }, { title: "DrayTek Security Advisory", trust: 0.8, url: "https://www.draytek.com/about/security-advisory", }, { title: "Patches for DrayTek Vigor2960, Vigor3900 and Vigor300B flushing area overflow vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/254556", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21944", }, { db: "JVNDB", id: "JVNDB-2020-007077", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-007077", }, { db: "NVD", id: "CVE-2020-14993", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-14993", }, { trust: 1.6, url: "https://github.com/dexterone/vigor-poc", }, { trust: 1.6, url: "https://www.draytek.com/about/security-advisory", }, { trust: 1, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14993", }, { trust: 0.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21944", }, { db: "JVNDB", id: "JVNDB-2020-007077", }, { db: "NVD", id: "CVE-2020-14993", }, { db: "CNNVD", id: "CNNVD-202006-1596", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-21944", }, { db: "JVNDB", id: "JVNDB-2020-007077", }, { db: "NVD", id: "CVE-2020-14993", }, { db: "CNNVD", id: "CNNVD-202006-1596", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-24T00:00:00", db: "CNVD", id: "CNVD-2021-21944", }, { date: "2020-07-30T00:00:00", db: "JVNDB", id: "JVNDB-2020-007077", }, { date: "2020-06-23T12:15:13.503000", db: "NVD", id: "CVE-2020-14993", }, { date: "2020-06-23T00:00:00", db: "CNNVD", id: "CNNVD-202006-1596", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-13T00:00:00", db: "CNVD", id: "CNVD-2021-21944", }, { date: "2020-07-30T00:00:00", db: "JVNDB", id: "JVNDB-2020-007077", }, { date: "2023-11-07T03:17:23.410000", db: "NVD", id: "CVE-2020-14993", }, { date: "2020-06-30T00:00:00", db: "CNNVD", id: "CNNVD-202006-1596", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-1596", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural DrayTek Out-of-bounds write vulnerabilities in product devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-007077", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202006-1596", }, ], trust: 0.6, }, }
var-202105-1686
Vulnerability from variot
Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device.
DrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1686", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor2960", scope: "eq", trust: 0.6, vendor: "draytek", version: "1.5.1.2", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], }, cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2021-28719", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:H/Au:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "CNVD", id: "CNVD-2021-28719", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device.\n\r\n\r\nDrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.", sources: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], trust: 0.6, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CNVD", id: "CNVD-2021-28719", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], }, id: "VAR-202105-1686", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], trust: 1.2472222, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], }, last_update_date: "2022-05-04T09:21:22.337000Z", sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-05-29T00:00:00", db: "CNVD", id: "CNVD-2021-28719", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-05-07T00:00:00", db: "CNVD", id: "CNVD-2021-28719", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Command execution vulnerability exists in DrayTek Vigor2960 (CNVD-2021-28719)", sources: [ { db: "CNVD", id: "CNVD-2021-28719", }, ], trust: 0.6, }, }
var-202006-0925
Vulnerability from variot
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. Vigor3900 , Vigor2960 and Vigor300B There is an out-of-bounds write vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. Attackers can use this vulnerability to execute arbitrary code or cause denial of service by sending long parameters
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0925", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21933", }, { db: "JVNDB", id: "JVNDB-2020-007147", }, { db: "NVD", id: "CVE-2020-14473", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-14473", }, ], }, cve: "CVE-2020-14473", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-007147", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2021-21933", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-007147", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-14473", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-007147", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2021-21933", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202006-1696", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21933", }, { db: "JVNDB", id: "JVNDB-2020-007147", }, { db: "NVD", id: "CVE-2020-14473", }, { db: "CNNVD", id: "CNNVD-202006-1696", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. Vigor3900 , Vigor2960 and Vigor300B There is an out-of-bounds write vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. Attackers can use this vulnerability to execute arbitrary code or cause denial of service by sending long parameters", sources: [ { db: "NVD", id: "CVE-2020-14473", }, { db: "JVNDB", id: "JVNDB-2020-007147", }, { db: "CNVD", id: "CNVD-2021-21933", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-14473", trust: 3, }, { db: "JVNDB", id: "JVNDB-2020-007147", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-21933", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-1696", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21933", }, { db: "JVNDB", id: "JVNDB-2020-007147", }, { db: "NVD", id: "CVE-2020-14473", }, { db: "CNNVD", id: "CNNVD-202006-1696", }, ], }, id: "VAR-202006-0925", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-21933", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21933", }, ], }, last_update_date: "2023-12-18T12:56:01.194000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Vigor3900 / Vigor2960 / Vigor300B Stack-based buffer overflow Vulnerability (CVE-2020-14473 / CVE-2020-14993)", trust: 0.8, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", }, { title: "Patch for DrayTek Vigor3900, Vigor2960 and Vigor300B stack buffer overflow vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/254511", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21933", }, { db: "JVNDB", id: "JVNDB-2020-007147", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-007147", }, { db: "NVD", id: "CVE-2020-14473", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-14473", }, { trust: 1.6, url: "https://github.com/cossack9989/vulns/blob/master/iot/cve-2020-14473.md", }, { trust: 1, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14473", }, { trust: 0.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-(cve-2020-14473)", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21933", }, { db: "JVNDB", id: "JVNDB-2020-007147", }, { db: "NVD", id: "CVE-2020-14473", }, { db: "CNNVD", id: "CNNVD-202006-1696", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-21933", }, { db: "JVNDB", id: "JVNDB-2020-007147", }, { db: "NVD", id: "CVE-2020-14473", }, { db: "CNNVD", id: "CNNVD-202006-1696", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-24T00:00:00", db: "CNVD", id: "CNVD-2021-21933", }, { date: "2020-08-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-007147", }, { date: "2020-06-24T17:15:12.117000", db: "NVD", id: "CVE-2020-14473", }, { date: "2020-06-24T00:00:00", db: "CNNVD", id: "CNNVD-202006-1696", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-24T00:00:00", db: "CNVD", id: "CNVD-2021-21933", }, { date: "2020-08-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-007147", }, { date: "2023-11-07T03:17:14.487000", db: "NVD", id: "CVE-2020-14473", }, { date: "2020-07-02T00:00:00", db: "CNNVD", id: "CNNVD-202006-1696", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-1696", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Vigor Out-of-bounds write vulnerabilities in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2020-007147", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202006-1696", }, ], trust: 0.6, }, }
var-202002-1447
Vulnerability from variot
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. plural DrayTek The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor300B is an enterprise router.
DrayTek Vigor300B cgi-bin / mainfunction.cgi URI does not handle SHELL characters correctly. Remote attackers can use this vulnerability to submit special requests and can execute arbitrary commands with ROOT permissions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1447", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "eq", trust: 1, vendor: "draytek", version: "1.4.4", }, { model: "vigor2960", scope: "eq", trust: 1, vendor: "draytek", version: "1.3.1", }, { model: "vigor300b", scope: "eq", trust: 1, vendor: "draytek", version: "1.3.3", }, { model: "vigor300b", scope: "eq", trust: 1, vendor: "draytek", version: "1.4.4", }, { model: "vigor300b", scope: "eq", trust: 1, vendor: "draytek", version: "1.4.2.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.3.1_beta", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.3.3_beta", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.4.2.1_beta", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.4.4_beta", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.4.4_beta", }, { model: "vigor300b 1.4.4 beta", scope: null, trust: 0.6, vendor: "draytek", version: null, }, { model: "vigor300b 1.3.3 beta", scope: null, trust: 0.6, vendor: "draytek", version: null, }, { model: "vigor300b 1.4.2.1 beta", scope: null, trust: 0.6, vendor: "draytek", version: null, }, { model: "vigor2960 1.3.1 beta", scope: null, trust: 0.6, vendor: "draytek", version: null, }, { model: "vigor3900 1.4.4 beta", scope: null, trust: 0.6, vendor: "draytek", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-08128", }, { db: "JVNDB", id: "JVNDB-2020-001735", }, { db: "NVD", id: "CVE-2020-8515", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:1.3.3:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:1.4.4:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:1.4.4:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-8515", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "0xsha", sources: [ { db: "CNNVD", id: "CNNVD-202002-001", }, ], trust: 0.6, }, cve: "CVE-2020-8515", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "JVNDB-2020-001735", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2020-08128", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2020-8515", impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-001735", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-8515", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-001735", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-08128", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202002-001", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2020-8515", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-08128", }, { db: "VULMON", id: "CVE-2020-8515", }, { db: "JVNDB", id: "JVNDB-2020-001735", }, { db: "CNNVD", id: "CNNVD-202002-001", }, { db: "NVD", id: "CVE-2020-8515", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. plural DrayTek The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor300B is an enterprise router. \n\r\n\r\nDrayTek Vigor300B cgi-bin / mainfunction.cgi URI does not handle SHELL characters correctly. Remote attackers can use this vulnerability to submit special requests and can execute arbitrary commands with ROOT permissions", sources: [ { db: "NVD", id: "CVE-2020-8515", }, { db: "JVNDB", id: "JVNDB-2020-001735", }, { db: "CNVD", id: "CNVD-2020-08128", }, { db: "VULMON", id: "CVE-2020-8515", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-8515", trust: 3.1, }, { db: "PACKETSTORM", id: "156979", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2020-001735", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-08128", trust: 0.6, }, { db: "CXSECURITY", id: "WLB-2020040007", trust: 0.6, }, { db: "EXPLOIT-DB", id: "48268", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202002-001", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-8515", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-08128", }, { db: "VULMON", id: "CVE-2020-8515", }, { db: "JVNDB", id: "JVNDB-2020-001735", }, { db: "CNNVD", id: "CNNVD-202002-001", }, { db: "NVD", id: "CVE-2020-8515", }, ], }, id: "VAR-202002-1447", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-08128", }, ], trust: 1.4214088233333333, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-08128", }, ], }, last_update_date: "2024-01-17T20:44:00.665000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Vulnerability (CVE-2020-8515)", trust: 0.8, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/", }, { title: "Patch for DrayTek Vigor Series Arbitrary Command Execution Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/200739", }, { title: "CVE-2020-8515", trust: 0.1, url: "https://github.com/darrenmartyn/cve-2020-8515 ", }, { title: "CVE-2020-8515-PoC", trust: 0.1, url: "https://github.com/imjdl/cve-2020-8515-poc ", }, { title: "nmap_draytek_rce", trust: 0.1, url: "https://github.com/truerandom/nmap_draytek_rce ", }, { title: "Homework-of-Python", trust: 0.1, url: "https://github.com/3gstudent/homework-of-python ", }, { title: "Awesome iot security resource", trust: 0.1, url: "https://github.com/f0cus77/awesome-iot-security-resource ", }, { title: "Awesome iot security resource", trust: 0.1, url: "https://github.com/f1tao/awesome-iot-security-resource ", }, { title: "https://github.com/k8gege/Ladon", trust: 0.1, url: "https://github.com/k8gege/ladon ", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-08128", }, { db: "VULMON", id: "CVE-2020-8515", }, { db: "JVNDB", id: "JVNDB-2020-001735", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1, }, { problemtype: "CWE-74", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-001735", }, { db: "NVD", id: "CVE-2020-8515", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", }, { trust: 1.6, url: "http://packetstormsecurity.com/files/156979/draytek-vigor2960-vigor3900-vigor300b-remote-command-execution.html", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8515", }, { trust: 1, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8515", }, { trust: 0.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/", }, { trust: 0.6, url: "https://cxsecurity.com/issue/wlb-2020040007", }, { trust: 0.6, url: "https://www.exploit-db.com/exploits/48268", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-08128", }, { db: "JVNDB", id: "JVNDB-2020-001735", }, { db: "CNNVD", id: "CNNVD-202002-001", }, { db: "NVD", id: "CVE-2020-8515", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-08128", }, { db: "VULMON", id: "CVE-2020-8515", }, { db: "JVNDB", id: "JVNDB-2020-001735", }, { db: "CNNVD", id: "CNNVD-202002-001", }, { db: "NVD", id: "CVE-2020-8515", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "CNVD", id: "CNVD-2020-08128", }, { date: "2020-02-01T00:00:00", db: "VULMON", id: "CVE-2020-8515", }, { date: "2020-02-21T00:00:00", db: "JVNDB", id: "JVNDB-2020-001735", }, { date: "2020-02-01T00:00:00", db: "CNNVD", id: "CNNVD-202002-001", }, { date: "2020-02-01T13:15:12.623000", db: "NVD", id: "CVE-2020-8515", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "CNVD", id: "CNVD-2020-08128", }, { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2020-8515", }, { date: "2020-02-21T00:00:00", db: "JVNDB", id: "JVNDB-2020-001735", }, { date: "2022-01-04T00:00:00", db: "CNNVD", id: "CNNVD-202002-001", }, { date: "2023-11-07T03:26:36.773000", db: "NVD", id: "CVE-2020-8515", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202002-001", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural DrayTek Product injection vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2020-001735", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202002-001", }, ], trust: 0.6, }, }
var-202006-1056
Vulnerability from variot
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. DrayTek Vigor3900 , Vigor2960 , Vigor300B On the device OS A command injection vulnerability exists. This vulnerability is CVE-2020-14472 Is a different vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. Attackers can use shell metacharacters to use this vulnerability to execute commands
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1056", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-51416", }, { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "NVD", id: "CVE-2020-15415", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-15415", }, ], }, cve: "CVE-2020-15415", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-007241", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-51416", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-15415", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-007241", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-15415", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-007241", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-51416", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202006-1856", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-15415", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-51416", }, { db: "VULMON", id: "CVE-2020-15415", }, { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "NVD", id: "CVE-2020-15415", }, { db: "CNNVD", id: "CNNVD-202006-1856", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. DrayTek Vigor3900 , Vigor2960 , Vigor300B On the device OS A command injection vulnerability exists. This vulnerability is CVE-2020-14472 Is a different vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. Attackers can use shell metacharacters to use this vulnerability to execute commands", sources: [ { db: "NVD", id: "CVE-2020-15415", }, { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "CNVD", id: "CNVD-2020-51416", }, { db: "VULMON", id: "CVE-2020-15415", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-15415", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2020-007241", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-51416", trust: 0.6, }, { db: "NSFOCUS", id: "49471", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-1856", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-15415", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-51416", }, { db: "VULMON", id: "CVE-2020-15415", }, { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "NVD", id: "CVE-2020-15415", }, { db: "CNNVD", id: "CNNVD-202006-1856", }, ], }, id: "VAR-202006-1056", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-51416", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-51416", }, ], }, last_update_date: "2023-12-18T12:35:29.810000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DrayTek Security Advisory", trust: 0.8, url: "https://www.draytek.com/about/security-advisory", }, { title: "Patch for DrayTek Vigor3900, Vigor2960 and Vigor300B operating system command injection vulnerability (CNVD-2020-51416)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/233443", }, { title: "DrayTek Vigor3900 , Vigor2960 and Vigor300B Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123101", }, { title: "", trust: 0.1, url: "https://github.com/20142995/pocsuite3 ", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-51416", }, { db: "VULMON", id: "CVE-2020-15415", }, { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "CNNVD", id: "CNNVD-202006-1856", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "NVD", id: "CVE-2020-15415", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15415", }, { trust: 1.7, url: "https://github.com/clp-team/vigor-commond-injection", }, { trust: 1.7, url: "https://www.draytek.com/about/security-advisory", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15415", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/49471", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/20142995/pocsuite3", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-51416", }, { db: "VULMON", id: "CVE-2020-15415", }, { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "NVD", id: "CVE-2020-15415", }, { db: "CNNVD", id: "CNNVD-202006-1856", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-51416", }, { db: "VULMON", id: "CVE-2020-15415", }, { db: "JVNDB", id: "JVNDB-2020-007241", }, { db: "NVD", id: "CVE-2020-15415", }, { db: "CNNVD", id: "CNNVD-202006-1856", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-10T00:00:00", db: "CNVD", id: "CNVD-2020-51416", }, { date: "2020-06-30T00:00:00", db: "VULMON", id: "CVE-2020-15415", }, { date: "2020-08-05T00:00:00", db: "JVNDB", id: "JVNDB-2020-007241", }, { date: "2020-06-30T14:15:11.953000", db: "NVD", id: "CVE-2020-15415", }, { date: "2020-06-30T00:00:00", db: "CNNVD", id: "CNNVD-202006-1856", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-10T00:00:00", db: "CNVD", id: "CNVD-2020-51416", }, { date: "2020-07-02T00:00:00", db: "VULMON", id: "CVE-2020-15415", }, { date: "2020-08-05T00:00:00", db: "JVNDB", id: "JVNDB-2020-007241", }, { date: "2020-07-02T22:55:54.263000", db: "NVD", id: "CVE-2020-15415", }, { date: "2020-10-14T00:00:00", db: "CNNVD", id: "CNNVD-202006-1856", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-1856", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural DrayTek On the device OS Command injection vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2020-007241", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202006-1856", }, ], trust: 0.6, }, }
var-202101-1998
Vulnerability from variot
Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device.
Vigor2960 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1998", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor2960", scope: "eq", trust: 0.6, vendor: "draytek", version: "1.5.1.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], }, cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2020-69486", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "CNVD", id: "CNVD-2020-69486", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device.\n\r\n\r\nVigor2960 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.", sources: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], trust: 0.6, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CNVD", id: "CNVD-2020-69486", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], }, id: "VAR-202101-1998", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], trust: 1.2472222, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], }, last_update_date: "2022-05-04T10:25:28.805000Z", sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-01-04T00:00:00", db: "CNVD", id: "CNVD-2020-69486", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-12-08T00:00:00", db: "CNVD", id: "CNVD-2020-69486", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Vigor2960 has command execution vulnerability", sources: [ { db: "CNVD", id: "CNVD-2020-69486", }, ], trust: 0.6, }, }
var-202302-2018
Vulnerability from variot
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DrayTek Corporation of Vigor2960 A path traversal vulnerability exists in firmware.Information may be obtained. The attack needs to be done within the local network
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202302-2018", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor2960", scope: "eq", trust: 1, vendor: "draytek", version: "1.5.1.4", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "vigor2960 firmware 1.5.1.4", }, { model: "vigor2960", scope: null, trust: 0.8, vendor: "draytek", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004595", }, { db: "NVD", id: "CVE-2023-1009", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-1009", }, ], }, cve: "CVE-2023-1009", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "cna@vuldb.com", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@vuldb.com", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "None", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-1009", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-1009", trust: 1.8, value: "MEDIUM", }, { author: "cna@vuldb.com", id: "CVE-2023-1009", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202302-1984", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004595", }, { db: "CNNVD", id: "CNNVD-202302-1984", }, { db: "NVD", id: "CVE-2023-1009", }, { db: "NVD", id: "CVE-2023-1009", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. DrayTek Corporation of Vigor2960 A path traversal vulnerability exists in firmware.Information may be obtained. The attack needs to be done within the local network", sources: [ { db: "NVD", id: "CVE-2023-1009", }, { db: "JVNDB", id: "JVNDB-2023-004595", }, { db: "VULMON", id: "CVE-2023-1009", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-1009", trust: 3.3, }, { db: "VULDB", id: "221742", trust: 2.5, }, { db: "JVNDB", id: "JVNDB-2023-004595", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202302-1984", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-1009", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-1009", }, { db: "JVNDB", id: "JVNDB-2023-004595", }, { db: "CNNVD", id: "CNNVD-202302-1984", }, { db: "NVD", id: "CVE-2023-1009", }, ], }, id: "VAR-202302-2018", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.59962404, }, last_update_date: "2024-05-17T23:03:17.258000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1, }, { problemtype: "Path traversal (CWE-22) [ others ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-004595", }, { db: "NVD", id: "CVE-2023-1009", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/xxy1126/vuln/blob/main/draytek/1.md", }, { trust: 2.5, url: "https://vuldb.com/?id.221742", }, { trust: 1.7, url: "https://vuldb.com/?ctiid.221742", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-1009", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-1009/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/22.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-1009", }, { db: "JVNDB", id: "JVNDB-2023-004595", }, { db: "CNNVD", id: "CNNVD-202302-1984", }, { db: "NVD", id: "CVE-2023-1009", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-1009", }, { db: "JVNDB", id: "JVNDB-2023-004595", }, { db: "CNNVD", id: "CNNVD-202302-1984", }, { db: "NVD", id: "CVE-2023-1009", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-24T00:00:00", db: "VULMON", id: "CVE-2023-1009", }, { date: "2023-10-31T00:00:00", db: "JVNDB", id: "JVNDB-2023-004595", }, { date: "2023-02-24T00:00:00", db: "CNNVD", id: "CNNVD-202302-1984", }, { date: "2023-02-24T11:15:10.997000", db: "NVD", id: "CVE-2023-1009", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-24T00:00:00", db: "VULMON", id: "CVE-2023-1009", }, { date: "2023-10-31T05:57:00", db: "JVNDB", id: "JVNDB-2023-004595", }, { date: "2023-03-07T00:00:00", db: "CNNVD", id: "CNNVD-202302-1984", }, { date: "2024-05-17T02:17:44.423000", db: "NVD", id: "CVE-2023-1009", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202302-1984", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DrayTek Corporation of Vigor2960 Path traversal vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-004595", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "path traversal", sources: [ { db: "CNNVD", id: "CNNVD-202302-1984", }, ], trust: 0.6, }, }
var-202311-1790
Vulnerability from variot
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported. ** Not supported ** This is a vulnerability in an unsupported product. DrayTek Corporation of Vigor2960 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202311-1790", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor2960", scope: "eq", trust: 1, vendor: "draytek", version: "1.5.1.5", }, { model: "vigor2960", scope: "eq", trust: 1, vendor: "draytek", version: "1.5.1.4", }, { model: "vigor2960", scope: null, trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "vigor2960 firmware 1.5.1.5", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "vigor2960 firmware 1.5.1.4", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-018271", }, { db: "NVD", id: "CVE-2023-6265", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-6265", }, ], }, cve: "CVE-2023-6265", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 5.2, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "9119a7d8-5eab-497f-8521-727c672e3725", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.1, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2023-6265", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-6265", trust: 1.8, value: "HIGH", }, { author: "9119a7d8-5eab-497f-8521-727c672e3725", id: "CVE-2023-6265", trust: 1, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-018271", }, { db: "NVD", id: "CVE-2023-6265", }, { db: "NVD", id: "CVE-2023-6265", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported. ** Not supported ** This is a vulnerability in an unsupported product. DrayTek Corporation of Vigor2960 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-6265", }, { db: "JVNDB", id: "JVNDB-2023-018271", }, { db: "VULMON", id: "CVE-2023-6265", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-6265", trust: 2.7, }, { db: "JVNDB", id: "JVNDB-2023-018271", trust: 0.8, }, { db: "VULMON", id: "CVE-2023-6265", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-6265", }, { db: "JVNDB", id: "JVNDB-2023-018271", }, { db: "NVD", id: "CVE-2023-6265", }, ], }, id: "VAR-202311-1790", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.59962404, }, last_update_date: "2024-05-17T23:03:14.959000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1, }, { problemtype: "Path traversal (CWE-22) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-018271", }, { db: "NVD", id: "CVE-2023-6265", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://github.com/xxy1126/vuln/blob/main/draytek/4.md", }, { trust: 1.9, url: "https://www.draytek.com/products/vigor2960/", }, { trust: 1.8, url: "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-6265", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-6265", }, { db: "JVNDB", id: "JVNDB-2023-018271", }, { db: "NVD", id: "CVE-2023-6265", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-6265", }, { db: "JVNDB", id: "JVNDB-2023-018271", }, { db: "NVD", id: "CVE-2023-6265", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-22T00:00:00", db: "VULMON", id: "CVE-2023-6265", }, { date: "2024-01-11T00:00:00", db: "JVNDB", id: "JVNDB-2023-018271", }, { date: "2023-11-22T20:15:09.600000", db: "NVD", id: "CVE-2023-6265", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-24T00:00:00", db: "VULMON", id: "CVE-2023-6265", }, { date: "2024-01-11T01:53:00", db: "JVNDB", id: "JVNDB-2023-018271", }, { date: "2024-05-17T02:33:36.357000", db: "NVD", id: "CVE-2023-6265", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "DrayTek Corporation of Vigor2960 Path traversal vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-018271", }, ], trust: 0.8, }, }
var-202203-1780
Vulnerability from variot
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. DrayTek Corporation of Vigor2960 firmware, Vigor3900 firmware, Vigor300b Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DrayTek Vigor is a router
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1780", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "eq", trust: 1.6, vendor: "draytek", version: "1.5.1.3", }, { model: "vigor2960", scope: "eq", trust: 1.6, vendor: "draytek", version: "1.5.1.3", }, { model: "vigor300b", scope: "eq", trust: 1.6, vendor: "draytek", version: "1.5.1.3", }, { model: "vigor3900", scope: null, trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor2960", scope: null, trust: 0.8, vendor: "draytek", version: null, }, { model: "vigor300b", scope: null, trust: 0.8, vendor: "draytek", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31821", }, { db: "JVNDB", id: "JVNDB-2021-019125", }, { db: "NVD", id: "CVE-2021-43118", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:1.5.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-43118", }, ], }, cve: "CVE-2021-43118", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2021-43118", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2022-31821", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-43118", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-43118", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2022-31821", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202203-2511", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31821", }, { db: "JVNDB", id: "JVNDB-2021-019125", }, { db: "NVD", id: "CVE-2021-43118", }, { db: "CNNVD", id: "CNNVD-202203-2511", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. DrayTek Corporation of Vigor2960 firmware, Vigor3900 firmware, Vigor300b Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DrayTek Vigor is a router", sources: [ { db: "NVD", id: "CVE-2021-43118", }, { db: "JVNDB", id: "JVNDB-2021-019125", }, { db: "CNVD", id: "CNVD-2022-31821", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-43118", trust: 3.8, }, { db: "JVNDB", id: "JVNDB-2021-019125", trust: 0.8, }, { db: "CNVD", id: "CNVD-2022-31821", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202203-2511", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31821", }, { db: "JVNDB", id: "JVNDB-2021-019125", }, { db: "NVD", id: "CVE-2021-43118", }, { db: "CNNVD", id: "CNNVD-202203-2511", }, ], }, id: "VAR-202203-1780", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-31821", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31821", }, ], }, last_update_date: "2023-12-18T13:06:48.496000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for DrayTek Vigor Remote Command Injection Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/330831", }, { title: "Multiple DrayTek Vigor Product Command Injection Vulnerability Fixes", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=189403", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31821", }, { db: "CNNVD", id: "CNNVD-202203-2511", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-019125", }, { db: "NVD", id: "CVE-2021-43118", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://gist.github.com/cossack9989/6034c077f46e4f06d0992e9f2fae7f26", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-43118", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2021-43118/", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-31821", }, { db: "JVNDB", id: "JVNDB-2021-019125", }, { db: "NVD", id: "CVE-2021-43118", }, { db: "CNNVD", id: "CNNVD-202203-2511", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-31821", }, { db: "JVNDB", id: "JVNDB-2021-019125", }, { db: "NVD", id: "CVE-2021-43118", }, { db: "CNNVD", id: "CNNVD-202203-2511", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-24T00:00:00", db: "CNVD", id: "CNVD-2022-31821", }, { date: "2023-07-18T00:00:00", db: "JVNDB", id: "JVNDB-2021-019125", }, { date: "2022-03-29T20:15:07.733000", db: "NVD", id: "CVE-2021-43118", }, { date: "2022-03-29T00:00:00", db: "CNNVD", id: "CNNVD-202203-2511", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-04-24T00:00:00", db: "CNVD", id: "CNVD-2022-31821", }, { date: "2023-07-18T08:33:00", db: "JVNDB", id: "JVNDB-2021-019125", }, { date: "2022-04-05T18:22:12.210000", db: "NVD", id: "CVE-2021-43118", }, { date: "2022-04-15T00:00:00", db: "CNNVD", id: "CNNVD-202203-2511", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202203-2511", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural DrayTek Corporation Command injection vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2021-019125", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202203-2511", }, ], trust: 0.6, }, }
var-202006-0924
Vulnerability from variot
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. Draytek Vigor3900 , Vigor2960 and Vigor300B A code injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. A remote attacker can use this vulnerability to execute arbitrary code with the help of a specially crafted request
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0924", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "vigor3900", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor2960", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor300b", scope: "lt", trust: 1.6, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor2960", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor300b", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, { model: "vigor3900", scope: "eq", trust: 0.8, vendor: "draytek", version: "1.5.1.1", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21932", }, { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "NVD", id: "CVE-2020-14472", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.5.1.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-14472", }, ], }, cve: "CVE-2020-14472", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-007146", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2021-21932", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-14472", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-007146", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-14472", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2020-007146", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2021-21932", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202006-1695", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2020-14472", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21932", }, { db: "VULMON", id: "CVE-2020-14472", }, { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "NVD", id: "CVE-2020-14472", }, { db: "CNNVD", id: "CNNVD-202006-1695", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. Draytek Vigor3900 , Vigor2960 and Vigor300B A code injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900, etc. are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. A remote attacker can use this vulnerability to execute arbitrary code with the help of a specially crafted request", sources: [ { db: "NVD", id: "CVE-2020-14472", }, { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "CNVD", id: "CNVD-2021-21932", }, { db: "VULMON", id: "CVE-2020-14472", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-14472", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2020-007146", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-21932", trust: 0.6, }, { db: "NSFOCUS", id: "49567", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-1695", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-14472", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21932", }, { db: "VULMON", id: "CVE-2020-14472", }, { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "NVD", id: "CVE-2020-14472", }, { db: "CNNVD", id: "CNNVD-202006-1695", }, ], }, id: "VAR-202006-0924", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-21932", }, ], trust: 1.2428176466666667, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21932", }, ], }, last_update_date: "2023-12-18T12:27:27.412000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.draytek.com/", }, { title: "Patch for DrayTek Vigor3900, Vigor2960 and Vigor300B code injection vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/254516", }, { title: "DrayTek Vigor3900 , Vigor2960 and Vigor300B Fixes for code injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123053", }, { title: "", trust: 0.1, url: "https://github.com/f1tao/awesome-iot-security-resource ", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21932", }, { db: "VULMON", id: "CVE-2020-14472", }, { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "CNNVD", id: "CNNVD-202006-1695", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-94", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "NVD", id: "CVE-2020-14472", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://gist.github.com/winmin/46165779215f1d47ec257210428c0240", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-14472", }, { trust: 1.7, url: "https://gist.github.com/cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14472", }, { trust: 0.6, url: "https://github.com/cossack9989/vulns/blob/master/iot/cve-2020-14472.md", }, { trust: 0.6, url: "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472)", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/49567", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/f1tao/awesome-iot-security-resource", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-21932", }, { db: "VULMON", id: "CVE-2020-14472", }, { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "NVD", id: "CVE-2020-14472", }, { db: "CNNVD", id: "CNNVD-202006-1695", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-21932", }, { db: "VULMON", id: "CVE-2020-14472", }, { db: "JVNDB", id: "JVNDB-2020-007146", }, { db: "NVD", id: "CVE-2020-14472", }, { db: "CNNVD", id: "CNNVD-202006-1695", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-03-24T00:00:00", db: "CNVD", id: "CNVD-2021-21932", }, { date: "2020-06-24T00:00:00", db: "VULMON", id: "CVE-2020-14472", }, { date: "2020-08-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-007146", }, { date: "2020-06-24T17:15:11.790000", db: "NVD", id: "CVE-2020-14472", }, { date: "2020-06-24T00:00:00", db: "CNNVD", id: "CNNVD-202006-1695", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-24T00:00:00", db: "CNVD", id: "CNVD-2021-21932", }, { date: "2021-12-21T00:00:00", db: "VULMON", id: "CVE-2020-14472", }, { date: "2020-08-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-007146", }, { date: "2021-12-21T01:29:02.553000", db: "NVD", id: "CVE-2020-14472", }, { date: "2021-12-22T00:00:00", db: "CNNVD", id: "CNNVD-202006-1695", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-1695", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural DrayTek Code injection vulnerabilities in product devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-007146", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202006-1695", }, ], trust: 0.6, }, }