Lucene search
+L

12 matches found

redhatcve
redhatcve
added 2025/05/22 5:13 p.m.16 views

CVE-2020-8515

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...

10CVSS8.1AI score0.99993EPSS
Exploits7References1
githubexploit
githubexploit
added 2021/09/01 10:47 p.m.426 views

Exploit for OS Command Injection in Draytek Vigor2960_Firmware

CVE-2020-8515 Draytek CVE-2020-8515 PoC I had kicking about...

10CVSS9.3AI score0.99993EPSS
Exploits7
checkpoint_advisories
checkpoint_advisories
added 2020/05/07 12:0 a.m.10 views

Draytek Vigor Command Injection (CVE-2020-8515)

A command injection vulnerability exists in Draytek Vigor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS6.1AI score0.99993EPSS
Exploits7
vulncheck_kev
vulncheck_kev
added 2020/04/03 12:0 a.m.7 views

VulnCheck KEV: CVE-2020-8515

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution...

10CVSS7.6AI score0.99993EPSS
Exploits7References1
cisa
cisa
added 2020/04/01 12:0 a.m.37 views

MS-ISAC Releases Advisory on DrayTek Devices

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory regarding two vulnerable command injection points in DrayTek devices CVE-2020-8515. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in...

10CVSS9.8AI score0.99993EPSS
Exploits7References2
exploitpack
exploitpack
added 2020/03/30 12:0 a.m.203 views

Multiple DrayTek Products - Pre-authentication Remote Root Code Execution

Multiple DrayTek Products - Pre-authentication Remote Root Code Execution package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as...

10CVSS0.3AI score0.99993EPSS
Exploits7
exploitdb
exploitdb
added 2020/03/30 12:0 a.m.483 views

Multiple DrayTek Products - Pre-authentication Remote Root Code Execution

package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as soon as possible to 1.5.1 firmware or later This issue has been fixed in...

10CVSS9.6AI score0.99993EPSS
Exploits7
circl
circl
added 2020/03/27 11:8 p.m.26 views

CVE-2020-8515

creationtimestamp| type| source ---|---|--- 2020-03-27 23:08:11+00:00| exploited| https://t.me/ctinow/21855 2020-04-06 14:30:02+00:00| exploited| https://t.me/SecLabNews/7285 2020-04-10 16:33:40+00:00| exploited| https://t.me/truesecator/456 2020-07-14 09:25:17+00:00| seen|...

10CVSS7.5AI score0.99993EPSS
In wildExploits7References17
thn
thn
added 2020/03/27 9:22 p.m.139 views

Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploite...

10CVSS1.4AI score0.99993EPSS
Exploits7
nvd
nvd
added 2020/02/01 1:15 p.m.20 views

CVE-2020-8515

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...

10CVSS9.8AI score0.99993EPSS
Exploits7References4
vulnrichment
vulnrichment
added 2020/02/01 12:36 p.m.14 views

CVE-2020-8515

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...

10AI score0.99993EPSS
Exploits7References3
cve
cve
added 2020/02/01 12:36 p.m.1530 views

CVE-2020-8515

CVE-2020-8515 affects DrayTek Vigor2960, Vigor3900 and Vigor300B devices (various Beta firmware versions) via the cgi-bin/mainfunction.cgi endpoint. The root cause is unsafely processed shell metacharacters in POST requests, enabling remote code execution with root privileges without authenticati...

10CVSS9.6AI score0.99993EPSS
In wildExploits7References4Affected Software1
Rows per page
Query Builder