ID

VAR-202311-1790


CVE

CVE-2023-6265


TITLE

Path traversal vulnerability in DrayTek Corporation Vigor2960 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-018271

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED ** DrayTek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter, allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported. ** Not supported ** This is a vulnerability in an unsupported product. A path traversal vulnerability exists in DrayTek Corporation Vigor2960 firmware. Information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-6265 // JVNDB: JVNDB-2023-018271 // VULMON: CVE-2023-6265

AFFECTED PRODUCTS

vendor: draytek, model: vigor2960, scope: eq, version: 1.5.1.5

Trust: 1.0

vendor: draytek, model: vigor2960, scope: eq, version: 1.5.1.4

Trust: 1.0

vendor: draytek, model: vigor2960, scope: -, version: -

Trust: 0.8

vendor: draytek, model: vigor2960, scope: eq, version: vigor2960 firmware 1.5.1.5

Trust: 0.8

vendor: draytek, model: vigor2960, scope: eq, version: -

Trust: 0.8

vendor: draytek, model: vigor2960, scope: eq, version: vigor2960 firmware 1.5.1.4

Trust: 0.8

sources: JVNDB: JVNDB-2023-018271 // NVD: CVE-2023-6265

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-6265
value: HIGH

Trust: 1.0

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2023-6265
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-6265
value: HIGH

Trust: 0.8

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-6265
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2023-6265
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-6265
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-018271 // NVD: CVE-2023-6265 // NVD: CVE-2023-6265

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-018271 // NVD: CVE-2023-6265

EXTERNAL IDS

db: NVD, id: CVE-2023-6265

Trust: 2.7

db: JVNDB, id: JVNDB-2023-018271

Trust: 0.8

db: VULMON, id: CVE-2023-6265

Trust: 0.1

sources: VULMON: CVE-2023-6265 // JVNDB: JVNDB-2023-018271 // NVD: CVE-2023-6265

REFERENCES

url:https://github.com/xxy1126/vuln/blob/main/draytek/4.md

Trust: 1.9

url:https://www.draytek.com/products/vigor2960/

Trust: 1.9

url:https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-6265

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-6265 // JVNDB: JVNDB-2023-018271 // NVD: CVE-2023-6265

SOURCES

db: VULMON, id: CVE-2023-6265
db: JVNDB, id: JVNDB-2023-018271
db: NVD, id: CVE-2023-6265

LAST UPDATE DATE

2024-08-14T13:52:03.418000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-6265, date: 2023-11-24T00:00:00
db: JVNDB, id: JVNDB-2023-018271, date: 2024-01-11T01:53:00
db: NVD, id: CVE-2023-6265, date: 2024-08-02T09:15:35.073

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-6265, date: 2023-11-22T00:00:00
db: JVNDB, id: JVNDB-2023-018271, date: 2024-01-11T00:00:00
db: NVD, id: CVE-2023-6265, date: 2023-11-22T20:15:09.600