#VU25350 Improper Neutralization of Special Elements in Output Used by a Downstream Component in DrayTek Corp. products - CVE-2020-8515
Published: February 14, 2020 / Updated: September 14, 2022
Vulnerability identifier: #VU25350
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2020-8515
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Vigor 2960
Vigor 3900
Vigor 300B
Vigor 2960
Vigor 3900
Vigor 300B
Software vendor:
DrayTek Corp.
DrayTek Corp.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the affected devices allow remote code execution as root (without authentication) via shell metacharacters to the "cgi-bin/mainfunction.cgi" URI.
Note, this vulnerability is being actively exploited in the wild starting from December 4, 2019.
Remediation
Install updates from vendor's website.
External links
- https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html
- https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
- https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/