Sign-up

ID

VAR-202003-0308


CVE

CVE-2020-10825


TITLE

plural Draytek Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-003409

DESCRIPTION

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. There is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary. A remote attacker can use the specially crafted HTTP request to exploit this vulnerability to execute arbitrary code on the system

Trust: 2.16

sources: NVD: CVE-2020-10825 // JVNDB: JVNDB-2020-003409 // CNVD: CNVD-2020-29580

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29580

AFFECTED PRODUCTS

vendor:draytekmodel:vigor3900scope:ltversion:1.5.1

Trust: 1.6

vendor:draytekmodel:vigor2960scope:ltversion:1.5.1

Trust: 1.6

vendor:draytekmodel:vigor300bscope:ltversion:1.5.1

Trust: 1.6

vendor:draytekmodel:vigor2960scope:eqversion:1.5.1

Trust: 0.8

vendor:draytekmodel:vigor300bscope:eqversion:1.5.1

Trust: 0.8

vendor:draytekmodel:vigor3900scope:eqversion:1.5.1

Trust: 0.8

sources: CNVD: CNVD-2020-29580 // JVNDB: JVNDB-2020-003409 // NVD: CVE-2020-10825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10825
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003409
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-29580
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-1636
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10825
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003409
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29580
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10825
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003409
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29580 // JVNDB: JVNDB-2020-003409 // CNNVD: CNNVD-202003-1636 // NVD: CVE-2020-10825

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-003409 // NVD: CVE-2020-10825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1636

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202003-1636

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003409

PATCH
title:Top Pageurl:https://www.draytek.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-003409

EXTERNAL IDS
db:NVDid:CVE-2020-10825
Trust: 3.0
db:JVNDBid:JVNDB-2020-003409
Trust: 0.8
db:CNVDid:CNVD-2020-29580
Trust: 0.6
db:CNNVDid:CNNVD-202003-1636
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-29580 // 
            
            
            
            JVNDB: JVNDB-2020-003409 // 
            
            
            
            CNNVD: CNNVD-202003-1636 // 
            
            
            
            NVD: CVE-2020-10825

REFERENCES
url:https://slashd.ga/2020/03/draytek-vulnerabilities/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-10825
Trust: 2.0
url:https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10825
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-29580 // 
            
            
            
            JVNDB: JVNDB-2020-003409 // 
            
            
            
            CNNVD: CNNVD-202003-1636 // 
            
            
            
            NVD: CVE-2020-10825

SOURCES
db:CNVDid:CNVD-2020-29580
db:JVNDBid:JVNDB-2020-003409
db:CNNVDid:CNNVD-202003-1636
db:NVDid:CVE-2020-10825

LAST UPDATE DATE
2024-11-23T23:04:27.887000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-29580date:2020-05-23T00:00:00
db:JVNDBid:JVNDB-2020-003409date:2020-04-16T00:00:00
db:CNNVDid:CNNVD-202003-1636date:2020-06-24T00:00:00
db:NVDid:CVE-2020-10825date:2024-11-21T04:56:09.103

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-29580date:2020-05-23T00:00:00
db:JVNDBid:JVNDB-2020-003409date:2020-04-16T00:00:00
db:CNNVDid:CNNVD-202003-1636date:2020-03-26T00:00:00
db:NVDid:CVE-2020-10825date:2020-03-26T17:15:23.313