Lucene search

9119a7d8-5eab-497f-8521-727c672e3725NVD:CVE-2023-6265

HistoryNov 22, 2023 - 8:15 p.m.

CVE-2023-6265

2023-11-2220:15:09

CWE-22

9119a7d8-5eab-497f-8521-727c672e3725

web.nvd.nist.gov

cve-2023-6265

draytek vigor2960

directory traversal

web management interface

authenticated attacker

unsupported

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0005 Low

EPSS

Percentile

17.3%

JSON

UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog ‘option’ parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

Affected configurations

NVD

Node

draytekvigor2960_firmwareMatch1.5.1.4

draytekvigor2960_firmwareMatch1.5.1.5

AND

draytekvigor2960Match-

References

github.com/xxy1126/Vuln/blob/main/Draytek/4.md

www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960

www.draytek.com/products/vigor2960/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0005 Low

EPSS

Percentile

17.3%

JSON

Related for NVD:CVE-2023-6265