CVE-2020-8515
- EPSS 94.36%
- Published 01.02.2020 13:15:12
- Last modified 07.11.2025 22:04:15
- Source cve@mitre.org
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
Data provided by the National Vulnerability Database (NVD)
Draytek ≫ Vigor2960 Firmware Version 1.3.1 Update beta
Draytek ≫ Vigor300b Firmware Version 1.3.3 Update beta
Draytek ≫ Vigor300b Firmware Version 1.4.2.1 Update beta
Draytek ≫ Vigor300b Firmware Version 1.4.4 Update beta
Draytek ≫ Vigor3900 Firmware Version 1.4.4 Update beta
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Multiple DrayTek Vigor Routers Web Management Page Vulnerability
Description: DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
Required action: Apply updates per vendor instructions.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.36% | 1 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.