Directory traversal

2023-11-2220:15:00

PRIOn knowledge base

www.prio-n.com

directory traversal

web management interface

arbitrary files deletion

vulnerability

draytek vigor2960

nvd

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.3%

JSON

UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog ‘option’ parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

CPENameOperatorVersion
vigor2960_firmwareeq1.5.1.4
vigor2960_firmwareeq1.5.1.5

CPE	Name	Operator	Version
	vigor2960_firmware	eq	1.5.1.4
	vigor2960_firmware	eq	1.5.1.5

References

github.com/xxy1126/Vuln/blob/main/Draytek/4.md

www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960

www.draytek.com/products/vigor2960/