Improper Neutralization of Special Elements in Output Used by a Downstream Component in DrayTek Corp. products - CVE-2020-8515
Published: February 14, 2020 / Updated: September 14, 2022
Vulnerability identifier: #VU25350
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2020-8515
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: DrayTek Corp.
Affected software:
Vigor 2960
Vigor 3900
Vigor 300B
Vigor 2960
Vigor 3900
Vigor 300B
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the affected devices allow remote code execution as root (without authentication) via shell metacharacters to the "cgi-bin/mainfunction.cgi" URI.
Note, this vulnerability is being actively exploited in the wild starting from December 4, 2019.
How to mitigate CVE-2020-8515
Install updates from vendor's website.
Sources
- https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html
- https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
- https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/