Vulnerability Details : CVE-2020-8515
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
Vulnerability category: Execute code
Products affected by CVE-2020-8515
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.3:beta:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1:beta:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.4:beta:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor3900_firmware:1.4.4:beta:*:*:*:*:*:*
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:*
CVE-2020-8515 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-8515
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-8515
96.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8515
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-8515
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8515
-
http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html
DrayTek Vigor2960 / Vigor3900 / Vigor300B Remote Command Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html
[DrayTek] - Unauthenticated RCE in Draytek Vigor 2960, 3900 and 300B (CVE-2020-8515) ~ Skull ArmyPermissions Required;Third Party Advisory
-
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
Vigor3900 / Vigor2960 / Vigor300B Router Web Management Page Vulnerability (CVE-2020-8515) | DrayTekExploit;Vendor Advisory
-
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/
Vigor3900 / Vigor2960 / Vigor300B Router Web Management Page Vulnerability (CVE-2020-8515) | DrayTekVendor Advisory
Jump to