CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15415

On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.931

EPSS Ranking 99.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used.

Ransomware Campaign

Unknown

References

Products affected by CVE-2020-15415

Draytek » Vigor2960 » Version: N/A

cpe:2.3:h:draytek:vigor2960:-
Draytek » Vigor300b » Version: N/A

cpe:2.3:h:draytek:vigor300b:-
Draytek » Vigor3900 » Version: N/A

cpe:2.3:h:draytek:vigor3900:-
Draytek » Vigor2960 Firmware » Version: N/A

cpe:2.3:o:draytek:vigor2960_firmware:-
Draytek » Vigor2960 Firmware » Version: 1.0.6

cpe:2.3:o:draytek:vigor2960_firmware:1.0.6
Draytek » Vigor2960 Firmware » Version: 1.0.6.1

cpe:2.3:o:draytek:vigor2960_firmware:1.0.6.1
Draytek » Vigor2960 Firmware » Version: 1.0.6.2

cpe:2.3:o:draytek:vigor2960_firmware:1.0.6.2
Draytek » Vigor2960 Firmware » Version: 1.0.7

cpe:2.3:o:draytek:vigor2960_firmware:1.0.7
Draytek » Vigor2960 Firmware » Version: 1.0.7.1

cpe:2.3:o:draytek:vigor2960_firmware:1.0.7.1
Draytek » Vigor2960 Firmware » Version: 1.0.8

cpe:2.3:o:draytek:vigor2960_firmware:1.0.8
Draytek » Vigor2960 Firmware » Version: 1.0.8.1

cpe:2.3:o:draytek:vigor2960_firmware:1.0.8.1
Draytek » Vigor2960 Firmware » Version: 1.0.8.2

cpe:2.3:o:draytek:vigor2960_firmware:1.0.8.2
Draytek » Vigor2960 Firmware » Version: 1.0.9

cpe:2.3:o:draytek:vigor2960_firmware:1.0.9
Draytek » Vigor2960 Firmware » Version: 1.0.9.1

cpe:2.3:o:draytek:vigor2960_firmware:1.0.9.1
Draytek » Vigor2960 Firmware » Version: 1.1.0

cpe:2.3:o:draytek:vigor2960_firmware:1.1.0
Draytek » Vigor2960 Firmware » Version: 1.1.0.1

cpe:2.3:o:draytek:vigor2960_firmware:1.1.0.1
Draytek » Vigor2960 Firmware » Version: 1.1.0.2

cpe:2.3:o:draytek:vigor2960_firmware:1.1.0.2
Draytek » Vigor2960 Firmware » Version: 1.2.0

cpe:2.3:o:draytek:vigor2960_firmware:1.2.0
Draytek » Vigor2960 Firmware » Version: 1.2.1

cpe:2.3:o:draytek:vigor2960_firmware:1.2.1
Draytek » Vigor2960 Firmware » Version: 1.2.2

cpe:2.3:o:draytek:vigor2960_firmware:1.2.2
Draytek » Vigor2960 Firmware » Version: 1.3.0

cpe:2.3:o:draytek:vigor2960_firmware:1.3.0
Draytek » Vigor2960 Firmware » Version: 1.3.1

cpe:2.3:o:draytek:vigor2960_firmware:1.3.1
Draytek » Vigor2960 Firmware » Version: 1.3.2

cpe:2.3:o:draytek:vigor2960_firmware:1.3.2
Draytek » Vigor2960 Firmware » Version: 1.3.2.1

cpe:2.3:o:draytek:vigor2960_firmware:1.3.2.1
Draytek » Vigor2960 Firmware » Version: 1.3.3

cpe:2.3:o:draytek:vigor2960_firmware:1.3.3
Draytek » Vigor2960 Firmware » Version: 1.3.3.1

cpe:2.3:o:draytek:vigor2960_firmware:1.3.3.1
Draytek » Vigor2960 Firmware » Version: 1.3.3.2

cpe:2.3:o:draytek:vigor2960_firmware:1.3.3.2
Draytek » Vigor2960 Firmware » Version: 1.4.0

cpe:2.3:o:draytek:vigor2960_firmware:1.4.0
Draytek » Vigor2960 Firmware » Version: 1.4.1

cpe:2.3:o:draytek:vigor2960_firmware:1.4.1
Draytek » Vigor2960 Firmware » Version: 1.4.2.1

cpe:2.3:o:draytek:vigor2960_firmware:1.4.2.1
Draytek » Vigor2960 Firmware » Version: 1.4.3

cpe:2.3:o:draytek:vigor2960_firmware:1.4.3
Draytek » Vigor2960 Firmware » Version: 1.4.4

cpe:2.3:o:draytek:vigor2960_firmware:1.4.4
Draytek » Vigor2960 Firmware » Version: 1.5.0

cpe:2.3:o:draytek:vigor2960_firmware:1.5.0
Draytek » Vigor300b Firmware » Version: N/A

cpe:2.3:o:draytek:vigor300b_firmware:-
Draytek » Vigor300b Firmware » Version: 1.0.7

cpe:2.3:o:draytek:vigor300b_firmware:1.0.7
Draytek » Vigor300b Firmware » Version: 1.0.8

cpe:2.3:o:draytek:vigor300b_firmware:1.0.8
Draytek » Vigor300b Firmware » Version: 1.0.8.2

cpe:2.3:o:draytek:vigor300b_firmware:1.0.8.2
Draytek » Vigor300b Firmware » Version: 1.0.9

cpe:2.3:o:draytek:vigor300b_firmware:1.0.9
Draytek » Vigor300b Firmware » Version: 1.0.9.1

cpe:2.3:o:draytek:vigor300b_firmware:1.0.9.1
Draytek » Vigor300b Firmware » Version: 1.1.0

cpe:2.3:o:draytek:vigor300b_firmware:1.1.0
Draytek » Vigor300b Firmware » Version: 1.1.0.2

cpe:2.3:o:draytek:vigor300b_firmware:1.1.0.2
Draytek » Vigor300b Firmware » Version: 1.2.0

cpe:2.3:o:draytek:vigor300b_firmware:1.2.0
Draytek » Vigor300b Firmware » Version: 1.2.1

cpe:2.3:o:draytek:vigor300b_firmware:1.2.1
Draytek » Vigor300b Firmware » Version: 1.2.2

cpe:2.3:o:draytek:vigor300b_firmware:1.2.2
Draytek » Vigor300b Firmware » Version: 1.3.0

cpe:2.3:o:draytek:vigor300b_firmware:1.3.0
Draytek » Vigor300b Firmware » Version: 1.3.1

cpe:2.3:o:draytek:vigor300b_firmware:1.3.1
Draytek » Vigor300b Firmware » Version: 1.3.2

cpe:2.3:o:draytek:vigor300b_firmware:1.3.2
Draytek » Vigor300b Firmware » Version: 1.3.3

cpe:2.3:o:draytek:vigor300b_firmware:1.3.3
Draytek » Vigor300b Firmware » Version: 1.3.3.1

cpe:2.3:o:draytek:vigor300b_firmware:1.3.3.1
Draytek » Vigor300b Firmware » Version: 1.3.3.2

cpe:2.3:o:draytek:vigor300b_firmware:1.3.3.2
Draytek » Vigor300b Firmware » Version: 1.4.0

cpe:2.3:o:draytek:vigor300b_firmware:1.4.0
Draytek » Vigor300b Firmware » Version: 1.4.1

cpe:2.3:o:draytek:vigor300b_firmware:1.4.1
Draytek » Vigor300b Firmware » Version: 1.4.2.1

cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1
Draytek » Vigor300b Firmware » Version: 1.4.3

cpe:2.3:o:draytek:vigor300b_firmware:1.4.3
Draytek » Vigor300b Firmware » Version: 1.4.4

cpe:2.3:o:draytek:vigor300b_firmware:1.4.4
Draytek » Vigor3900 Firmware » Version: N/A

cpe:2.3:o:draytek:vigor3900_firmware:-
Draytek » Vigor3900 Firmware » Version: 1.4.4

cpe:2.3:o:draytek:vigor3900_firmware:1.4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15415

Products

Pricing

Contact Us