8.8
CVE-2023-1162
- EPSS 26.05%
- Veröffentlicht 03.03.2023 07:15:09
- Zuletzt bearbeitet 21.11.2024 07:38:34
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginDrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Draytek ≫ Vigor 2960 Firmware Version1.5.1.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 26.05% | 0.977 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 8.3 | 6.4 | 10 |
AV:N/AC:L/Au:M/C:C/I:C/A:C
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
https://github.com/xxy1126/Vuln/blob/main/Draytek/2.md
https://vuldb.com/?ctiid.222258
https://vuldb.com/?id.222258