MitreCVE-2020-15415CVE-2020-15415
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.3%
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| draytek | vigor3900_firmware | * | cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:* |
| draytek | vigor3900 | - | cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:* |
| draytek | vigor2960_firmware | * | cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:* |
| draytek | vigor2960 | - | cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:* |
| draytek | vigor300b_firmware | * | cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:* |
| draytek | vigor300b | - | cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.3%