Vulnerability Details CVE-2020-14993
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-14993
- cpe:2.3:h:draytek:vigor2960:-
- cpe:2.3:h:draytek:vigor300b:-
- cpe:2.3:h:draytek:vigor3900:-
- cpe:2.3:o:draytek:vigor2960_firmware:-
- cpe:2.3:o:draytek:vigor2960_firmware:1.3.1
- cpe:2.3:o:draytek:vigor2960_firmware:1.5.1
- cpe:2.3:o:draytek:vigor300b_firmware:-
- cpe:2.3:o:draytek:vigor300b_firmware:1.3.3
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1
- cpe:2.3:o:draytek:vigor300b_firmware:1.4.4
- cpe:2.3:o:draytek:vigor300b_firmware:1.5.1
- cpe:2.3:o:draytek:vigor3900_firmware:-
- cpe:2.3:o:draytek:vigor3900_firmware:1.4.4
- cpe:2.3:o:draytek:vigor3900_firmware:1.5.1