CVE-2020-8515 - OpenCVE

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Draytek	Vigor2960 Firmware Vigor2960 Vigor3900 Vigor3900 Firmware Vigor300b Vigor300b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:*

cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:draytek:vigor300b_firmware:1.3.3:beta::::::
	cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1:beta::::::
	cpe:2.3:o:draytek:vigor300b_firmware:1.4.4:beta::::::

cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:draytek:vigor3900_firmware:1.4.4:beta:*:*:*:*:*:*

cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html	Third Party Advisory
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-01T12:36:59

Updated: 2020-03-31T16:06:04

Reserved: 2020-02-01T00:00:00

Link: CVE-2020-8515

JSON object: View

NVD Information

Status : Modified

Published: 2020-02-01T13:15:12.623

Modified: 2023-11-07T03:26:36.773

Link: CVE-2020-8515

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-31T16:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8515", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html", "refsource": "MISC", "url": "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html"}, {"name": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/", "refsource": "MISC", "url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/"}, {"name": "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8515", "datePublished": "2020-02-01T12:36:59", "dateReserved": "2020-02-01T00:00:00", "dateUpdated": "2020-03-31T16:06:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Multiple DrayTek Vigor Routers Web Management Page Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:*", "matchCriteriaId": "A0446969-43B3-46A1-81A2-EBB22EAA3C01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor300b_firmware:1.3.3:beta:*:*:*:*:*:*", "matchCriteriaId": "6D18DBBE-382C-4047-8E37-95EC99D321A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:draytek:vigor300b_firmware:1.4.2.1:beta:*:*:*:*:*:*", "matchCriteriaId": "ABA6F900-F922-45FB-B7B5-DC558BE1A8ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:draytek:vigor300b_firmware:1.4.4:beta:*:*:*:*:*:*", "matchCriteriaId": "45DDB337-B522-4ED4-9266-C73882C1A30B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA5B988D-ED1A-4CBF-8B34-C5B03A55ED52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor3900_firmware:1.4.4:beta:*:*:*:*:*:*", "matchCriteriaId": "42BB787F-2B02-4AAB-B381-5184B5629B70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEECFBBC-5551-4135-9194-4216A39B04B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1."}, {"lang": "es", "value": "Los dispositivos DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta y Vigor300B 1.3.3_Beta, 1.4.2.1_Beta y 1.4.4_Beta permiten la ejecuci\u00f3n remota de c\u00f3digo como root (sin autenticaci\u00f3n) a trav\u00e9s de metacaracteres de shell al URI cgi-bin / mainfunction.cgi . Este problema se ha solucionado en Vigor3900 / 2960 / 300B v1.5.1."}], "id": "CVE-2020-8515", "lastModified": "2023-11-07T03:26:36.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-01T13:15:12.623", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html"}, {"source": "cve@mitre.org", "url": "https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}