Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Draytek | Vigor2960 Firmware | 1.5.1.4 |
| Draytek | Vigor2960 | - |
Related Weaknesses (CWE)
References
- https://github.com/xxy1126/Vuln/blob/main/Draytek/1.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.221742Permissions Required
- https://vuldb.com/?id.221742Third Party Advisory
- https://github.com/xxy1126/Vuln/blob/main/Draytek/1.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.221742Permissions Required
- https://vuldb.com/?id.221742Third Party Advisory
FAQ
What is CVE-2023-1009?
CVE-2023-1009 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of...
How severe is CVE-2023-1009?
CVE-2023-1009 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1009?
Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2960 Firmware, Draytek Vigor2960.