Design/Logic Flaw

2020-12-3102:15:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.042 Low

EPSS

Percentile

92.3%

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.

CPENameOperatorVersion
vigor2960_firmwarele1.5.1

CPE	Name	Operator	Version
	vigor2960_firmware	le	1.5.1

References

github.com/minghangshen/bug_poc

nosec.org/home/detail/4631.html

www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29/