cvelist/2023/1xxx/CVE-2023-1163.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-1163",
        "ASSIGNER": "cna@vuldb.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259."
            },
            {
                "lang": "deu",
                "value": "In DrayTek Vigor 2960 1.5.1.4 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es die Funktion sub_1DA58 der Datei mainfunction.cgi. Durch Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-22 Path Traversal",
                        "cweId": "CWE-22"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "DrayTek",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Vigor 2960",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.5.1.4"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://vuldb.com/?id.222259",
                "refsource": "MISC",
                "name": "https://vuldb.com/?id.222259"
            },
            {
                "url": "https://vuldb.com/?ctiid.222259",
                "refsource": "MISC",
                "name": "https://vuldb.com/?ctiid.222259"
            },
            {
                "url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/3.md",
                "refsource": "MISC",
                "name": "https://github.com/xxy1126/Vuln/blob/main/Draytek/3.md"
            }
        ]
    },
    "credits": [
        {
            "lang": "en",
            "value": "Tmotfl (VulDB User)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "baseScore": 4.3,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "3.0",
                "baseScore": 4.3,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "2.0",
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
            }
        ]
    }
}