Lucene search

[email protected]NVD:CVE-2020-10826

HistoryMar 26, 2020 - 5:15 p.m.

CVE-2020-10826

2020-03-2617:15:23

CWE-77

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.

Affected configurations

NVD

Node

draytekvigor300b_firmwareRange<1.5.1

AND

draytekvigor300bMatch-

Node

draytekvigor3900_firmwareRange<1.5.1

AND

draytekvigor3900Match-

Node

draytekvigor2960_firmwareRange<1.5.1

AND

draytekvigor2960Match-

References

slashd.ga/2020/03/draytek-vulnerabilities/

www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for NVD:CVE-2020-10826

prion1 cve1 attackerkb1 cvelist1 checkpoint_advisories1