cve/2023/CVE-2023-6265.md

### [CVE-2023-6265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6265)
![](https://img.shields.io/static/v1?label=Product&message=Vigor2960&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.1.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Path%20Traversal&color=brighgreen)

### Description

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

### POC

#### Reference
- https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-6265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6265)`
			`![](https://img.shields.io/static/v1?label=Product&message=Vigor2960&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.1.4%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Path%20Traversal&color=brighgreen)`

			`### Description`

			` UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.`

			`### POC`

			`#### Reference`
			`- https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md`

			`#### Github`
			`No PoCs found on GitHub currently.`