A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.
References
Link | Resource |
---|---|
https://github.com/dexterone/Vigor-poc | Exploit Third Party Advisory |
https://www.draytek.com/about/security-advisory | Vendor Advisory |
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-23T11:50:58
Updated: 2020-06-24T16:47:19
Reserved: 2020-06-23T00:00:00
Link: CVE-2020-14993
JSON object: View
NVD Information
Status : Modified
Published: 2020-06-23T12:15:13.503
Modified: 2023-11-07T03:17:23.410
Link: CVE-2020-14993
JSON object: View
Redhat Information
No data.
CWE