admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2020-8515

Browse Source
This commit is contained in:
tardc 2020-06-08 16:22:05 +08:00
parent 6034d6c501
commit 1b760ce90b
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
DrayTek/CVE-2020-8515/README.md Normal file
View File

@ -0,0 +1,10 @@
# CVE-2020-8515 DrayTek pre-auth remote root RCE
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
**Affected version**: Vigor 2960 1.3.1_Beta, Vigor 3900 1.4.4_Beta, and Vigor 300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta
**[FOFA](https://fofa.so/result?qbase64=dGl0bGU9IlZpZ29yIDI5NjAiIHx8IHRpdGxlPSJWaWdvciAzOTAwIiB8fCB0%0AaXRsZT0iVmlnb3IgMzAwQiI%3D) query rule**: title="Vigor 2960" || title="Vigor 3900" || title="Vigor 300B"
# Demo