CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8515

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.944

EPSS Ranking 100.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

Proposed Action

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.

Ransomware Campaign

Unknown

References

Products affected by CVE-2020-8515

Draytek » Vigor2960 » Version: N/A

cpe:2.3:h:draytek:vigor2960:-
Draytek » Vigor300b » Version: N/A

cpe:2.3:h:draytek:vigor300b:-
Draytek » Vigor3900 » Version: N/A

cpe:2.3:h:draytek:vigor3900:-
Draytek » Vigor2960 Firmware » Version: 1.3.1

cpe:2.3:o:draytek:vigor2960_firmware:1.3.1
Draytek » Vigor300b Firmware » Version: 1.3.3

cpe:2.3:o:draytek:vigor300b_firmware:1.3.3
Draytek » Vigor300b Firmware » Version: 1.4.2.1

cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1
Draytek » Vigor300b Firmware » Version: 1.4.4

cpe:2.3:o:draytek:vigor300b_firmware:1.4.4
Draytek » Vigor3900 Firmware » Version: 1.4.4

cpe:2.3:o:draytek:vigor3900_firmware:1.4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8515

Products

Pricing

Contact Us