Remote Code Execution Vulnerability in DrayTek Vigor Series Routers
CVE-2020-8515

9.8CRITICAL

Key Information:

Vendor: Draytek
Status: Vigor2960 Firmware
Vendor: CVE Published:; 1 February 2020

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 96%🦅 CISA Reported

Summary

DrayTek's Vigor2960, Vigor3900, and Vigor300B routers contain a serious vulnerability that allows unauthorized remote code execution. This flaw arises when users access the cgi-bin/mainfunction.cgi URI with shell metacharacters, permitting attackers to execute arbitrary commands with root privileges without any authentication. Users are advised to update their devices to version 1.5.1 or later to mitigate this security risk.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-8515-PoC
Created by imjdl

CVE-2020-8515
Created by darrenmartyn

nmap_draytek_rce
Created by truerandom