Vulnerability Details CVE-2020-14993
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-14993
- cpe:2.3:h:draytek:vigor2960:-
- cpe:2.3:h:draytek:vigor300b:-
- cpe:2.3:h:draytek:vigor3900:-
- cpe:2.3:o:draytek:vigor2960_firmware:-
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.6
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.6.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.6.2
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.7
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.7.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.8
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.8.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.8.2
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.9
- cpe:2.3:o:draytek:vigor2960_firmware:1.0.9.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.1.0
- cpe:2.3:o:draytek:vigor2960_firmware:1.1.0.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.1.0.2
- cpe:2.3:o:draytek:vigor2960_firmware:1.2.0
- cpe:2.3:o:draytek:vigor2960_firmware:1.2.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.2.2
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.0
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.2
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.2.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.3
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.3.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.3.2
- cpe:2.3:o:draytek:vigor2960_firmware:1.4.0
- cpe:2.3:o:draytek:vigor2960_firmware:1.4.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.4.2.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.4.3
- cpe:2.3:o:draytek:vigor2960_firmware:1.4.4
- cpe:2.3:o:draytek:vigor2960_firmware:1.5.0
- cpe:2.3:o:draytek:vigor2960_firmware:1.5.1
- cpe:2.3:o:draytek:vigor300b_firmware:-
- cpe:2.3:o:draytek:vigor300b_firmware:1.0.7
- cpe:2.3:o:draytek:vigor300b_firmware:1.0.8
- cpe:2.3:o:draytek:vigor300b_firmware:1.0.8.2
- cpe:2.3:o:draytek:vigor300b_firmware:1.0.9
- cpe:2.3:o:draytek:vigor300b_firmware:1.0.9.1
- cpe:2.3:o:draytek:vigor300b_firmware:1.1.0
- cpe:2.3:o:draytek:vigor300b_firmware:1.1.0.2
- cpe:2.3:o:draytek:vigor300b_firmware:1.2.0
- cpe:2.3:o:draytek:vigor300b_firmware:1.2.1
- cpe:2.3:o:draytek:vigor300b_firmware:1.2.2
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.0
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.1
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.2
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.3
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.3.1
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.3.2
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.0
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.1
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.3
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.4
- cpe:2.3:o:draytek:vigor300b_firmware:1.5.1
- cpe:2.3:o:draytek:vigor3900_firmware:-
- cpe:2.3:o:draytek:vigor3900_firmware:1.4.4
- cpe:2.3:o:draytek:vigor3900_firmware:1.5.1