Vulnerability CVE-2020-8515
Published: 2020-02-01

Description:
DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.

See advisories in our WLB2 database:
Topic
Author
Date
High
DrayTek Vigor2960 / Vigor3900 / Vigor300B Remote Command Execution
0xsha
02.04.2020

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html
Copyright 2025, cxsecurity.com

 

Back to Top