Vulnerability Description
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Draytek | Vigor2960 Firmware | 1.5.1.4 |
| Draytek | Vigor2960 | - |
Related Weaknesses (CWE)
References
- https://github.com/sadwwcxz/VulExploitThird Party Advisory
- https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul
- https://www.draytek.co.uk/support/guides/kb-remotemanagement
- https://www.draytek.com/Not Applicable
- https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2
- https://www.draytek.com/support/knowledge-base/5465
- https://github.com/sadwwcxz/VulExploitThird Party Advisory
- https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul
- https://www.draytek.co.uk/support/guides/kb-remotemanagement
- https://www.draytek.com/Not Applicable
- https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2
- https://www.draytek.com/support/knowledge-base/5465
FAQ
What is CVE-2023-24229?
CVE-2023-24229 is a vulnerability with a CVSS score of 7.8 (HIGH). DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE...
How severe is CVE-2023-24229?
CVE-2023-24229 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24229?
Check the references section above for vendor advisories and patch information. Affected products include: Draytek Vigor2960 Firmware, Draytek Vigor2960.