ID

VAR-202002-1447


CVE

CVE-2020-8515


TITLE

plural DrayTek Product injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-001735

DESCRIPTION

DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1. plural DrayTek The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor300B is an enterprise router. DrayTek Vigor300B cgi-bin / mainfunction.cgi URI does not handle SHELL characters correctly. Remote attackers can use this vulnerability to submit special requests and can execute arbitrary commands with ROOT permissions

Trust: 2.25

sources: NVD: CVE-2020-8515 // JVNDB: JVNDB-2020-001735 // CNVD: CNVD-2020-08128 // VULMON: CVE-2020-8515

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-08128

AFFECTED PRODUCTS

vendor:draytekmodel:vigor3900scope:eqversion:1.4.4

Trust: 1.0

vendor:draytekmodel:vigor300bscope:eqversion:1.4.2.1

Trust: 1.0

vendor:draytekmodel:vigor300bscope:eqversion:1.3.3

Trust: 1.0

vendor:draytekmodel:vigor2960scope:eqversion:1.3.1

Trust: 1.0

vendor:draytekmodel:vigor300bscope:eqversion:1.4.4

Trust: 1.0

vendor:draytekmodel:vigor2960scope:eqversion:1.3.1_beta

Trust: 0.8

vendor:draytekmodel:vigor300bscope:eqversion:1.3.3_beta

Trust: 0.8

vendor:draytekmodel:vigor300bscope:eqversion:1.4.2.1_beta

Trust: 0.8

vendor:draytekmodel:vigor300bscope:eqversion:1.4.4_beta

Trust: 0.8

vendor:draytekmodel:vigor3900scope:eqversion:1.4.4_beta

Trust: 0.8

vendor:draytekmodel:vigor300b 1.4.4 betascope: - version: -

Trust: 0.6

vendor:draytekmodel:vigor300b 1.3.3 betascope: - version: -

Trust: 0.6

vendor:draytekmodel:vigor300b 1.4.2.1 betascope: - version: -

Trust: 0.6

vendor:draytekmodel:vigor2960 1.3.1 betascope: - version: -

Trust: 0.6

vendor:draytekmodel:vigor3900 1.4.4 betascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-08128 // JVNDB: JVNDB-2020-001735 // NVD: CVE-2020-8515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8515
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-001735
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-08128
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-001
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-8515
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-8515
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-001735
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-08128
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-8515
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-001735
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-08128 // VULMON: CVE-2020-8515 // JVNDB: JVNDB-2020-001735 // CNNVD: CNNVD-202002-001 // NVD: CVE-2020-8515

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2020-001735 // NVD: CVE-2020-8515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-001

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202002-001

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001735

PATCH

title:Vulnerability (CVE-2020-8515)url:https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/

Trust: 0.8

title:Patch for DrayTek Vigor Series Arbitrary Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/200739

Trust: 0.6

title:CVE-2020-8515url:https://github.com/darrenmartyn/CVE-2020-8515

Trust: 0.1

title:CVE-2020-8515-PoCurl:https://github.com/imjdl/CVE-2020-8515-PoC

Trust: 0.1

title:nmap_draytek_rceurl:https://github.com/truerandom/nmap_draytek_rce

Trust: 0.1

title:Homework-of-Pythonurl:https://github.com/3gstudent/Homework-of-Python

Trust: 0.1

title:Awesome iot security resourceurl:https://github.com/f0cus77/awesome-iot-security-resource

Trust: 0.1

title:Awesome iot security resourceurl:https://github.com/f1tao/awesome-iot-security-resource

Trust: 0.1

title:https://github.com/k8gege/Ladonurl:https://github.com/k8gege/Ladon

Trust: 0.1

sources: CNVD: CNVD-2020-08128 // VULMON: CVE-2020-8515 // JVNDB: JVNDB-2020-001735

EXTERNAL IDS

db:NVDid:CVE-2020-8515

Trust: 3.1

db:PACKETSTORMid:156979

Trust: 1.6

db:JVNDBid:JVNDB-2020-001735

Trust: 0.8

db:CNVDid:CNVD-2020-08128

Trust: 0.6

db:CXSECURITYid:WLB-2020040007

Trust: 0.6

db:EXPLOIT-DBid:48268

Trust: 0.6

db:CNNVDid:CNNVD-202002-001

Trust: 0.6

db:VULMONid:CVE-2020-8515

Trust: 0.1

sources: CNVD: CNVD-2020-08128 // VULMON: CVE-2020-8515 // JVNDB: JVNDB-2020-001735 // CNNVD: CNNVD-202002-001 // NVD: CVE-2020-8515

REFERENCES

url:https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html

Trust: 2.2

url:http://packetstormsecurity.com/files/156979/draytek-vigor2960-vigor3900-vigor300b-remote-command-execution.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-8515

Trust: 1.4

url:https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-%28cve-2020-8515%29/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8515

Trust: 0.8

url:https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2020040007

Trust: 0.6

url:https://www.exploit-db.com/exploits/48268

Trust: 0.6

sources: CNVD: CNVD-2020-08128 // JVNDB: JVNDB-2020-001735 // CNNVD: CNNVD-202002-001 // NVD: CVE-2020-8515

CREDITS

0xsha

Trust: 0.6

sources: CNNVD: CNNVD-202002-001

SOURCES

db:CNVDid:CNVD-2020-08128
db:VULMONid:CVE-2020-8515
db:JVNDBid:JVNDB-2020-001735
db:CNNVDid:CNNVD-202002-001
db:NVDid:CVE-2020-8515

LAST UPDATE DATE

2024-11-23T22:55:17.082000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-08128date:2020-02-14T00:00:00
db:VULMONid:CVE-2020-8515date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-001735date:2020-02-21T00:00:00
db:CNNVDid:CNNVD-202002-001date:2022-01-04T00:00:00
db:NVDid:CVE-2020-8515date:2024-11-21T05:38:58.720

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-08128date:2020-02-14T00:00:00
db:VULMONid:CVE-2020-8515date:2020-02-01T00:00:00
db:JVNDBid:JVNDB-2020-001735date:2020-02-21T00:00:00
db:CNNVDid:CNNVD-202002-001date:2020-02-01T00:00:00
db:NVDid:CVE-2020-8515date:2020-02-01T13:15:12.623