12 matches found
CVE-2020-8515
DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...
Exploit for OS Command Injection in Draytek Vigor2960_Firmware
CVE-2020-8515 Draytek CVE-2020-8515 PoC I had kicking about...
Draytek Vigor Command Injection (CVE-2020-8515)
A command injection vulnerability exists in Draytek Vigor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VulnCheck KEV: CVE-2020-8515
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution...
MS-ISAC Releases Advisory on DrayTek Devices
The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory regarding two vulnerable command injection points in DrayTek devices CVE-2020-8515. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in...
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as...
Multiple DrayTek Products - Pre-authentication Remote Root Code Execution
package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as soon as possible to 1.5.1 firmware or later This issue has been fixed in...
CVE-2020-8515
creationtimestamp| type| source ---|---|--- 2020-03-27 23:08:11+00:00| exploited| https://t.me/ctinow/21855 2020-04-06 14:30:02+00:00| exploited| https://t.me/SecLabNews/7285 2020-04-10 16:33:40+00:00| exploited| https://t.me/truesecator/456 2020-07-14 09:25:17+00:00| seen|...
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploite...
CVE-2020-8515
DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...
CVE-2020-8515
DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1...
CVE-2020-8515
CVE-2020-8515 affects DrayTek Vigor2960, Vigor3900 and Vigor300B devices (various Beta firmware versions) via the cgi-bin/mainfunction.cgi endpoint. The root cause is unsafely processed shell metacharacters in POST requests, enabling remote code execution with root privileges without authenticati...