CVE-2023-6265

** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md	Exploit
https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960	Product
https://www.draytek.com/products/vigor2960/	Product

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:::::::*
	cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:::::::*

cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-22 20:15

Updated : 2024-05-17 02:33

NVD link : CVE-2023-6265

Mitre link : CVE-2023-6265

CVE.ORG link : CVE-2023-6265

JSON object : View

Products Affected

draytek

vigor2960_firmware
vigor2960

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-6265", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-11-22T20:15:09.600", "references": [{"url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md", "tags": ["Exploit"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960", "tags": ["Product"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.draytek.com/products/vigor2960/", "tags": ["Product"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."}, {"lang": "es", "value": "Draytek Vigor2960 v1.5.1.4 y v1.5.1.5 son vulnerables a directory traversal a trav\u00e9s del par\u00e1metro 'option' mainfunction.cgi dumpSyslog que permite a un atacante autenticado con acceso a la interfaz de administraci\u00f3n web eliminar archivos arbitrarios. Vigor2960 ya no es compatible."}], "lastModified": "2024-05-17T02:33:36.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "564753CE-A701-4D76-94D8-C452AF0C5E82"}, {"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "450254FB-7A86-4405-8E1F-69E249D29C62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}