admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 02:31:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/DrayTek/CVE-2020-8515
History
tardc 1b760ce90b Add CVE-2020-8515
2020-06-08 16:22:05 +08:00
..
README.md
Add CVE-2020-8515
2020-06-08 16:22:05 +08:00

README.md

CVE-2020-8515 DrayTek pre-auth remote root RCE

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.

Affected version: Vigor 2960 1.3.1_Beta, Vigor 3900 1.4.4_Beta, and Vigor 300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta

FOFA query rule: title="Vigor 2960" || title="Vigor 3900" || title="Vigor 300B"

Demo