Remote Code Execution Vulnerability in DrayTek Vigor Series Routers
CVE-2020-8515
Key Information:
- Vendor
Draytek
- Status
- Vendor
- CVE Published:
- 1 February 2020
Badges
What is CVE-2020-8515?
DrayTek's Vigor2960, Vigor3900, and Vigor300B routers contain a serious vulnerability that allows unauthorized remote code execution. This flaw arises when users access the cgi-bin/mainfunction.cgi URI with shell metacharacters, permitting attackers to execute arbitrary commands with root privileges without any authentication. Users are advised to update their devices to version 1.5.1 or later to mitigate this security risk.
CISA has reported CVE-2020-8515
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2020-8515 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅
CISA Reported
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved