CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 2CVE-2020-19664
https://notcve.org/view.php?id=CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. DrayTek Vigor2960 versión 1.5.1, permite una ejecución de comando remota por medio de metacaracteres shell en una acción toLogin2FA en el archivo mainfunction.cgi. • https://github.com/minghangshen/bug_poc https://nosec.org/home/detail/4631.html https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-%28cve-2020-19664%29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 93%CPEs: 6EXPL: 1CVE-2020-15415 – DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-15415
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. En los dispositivos DrayTek Vigor3900, Vigor2960 y Vigor300B versiones anteriores a 1.5.1, en el archivo cgi-bin/mainfunction.cgi/cvmcfgupload permite una ejecución de comandos remota por medio de metacaracteres de shell en un nombre de archivo cuando es usado el tipo de contenido text/x-python-script, un problema diferente de CVE-2020-14472 DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used. • https://github.com/CLP-team/Vigor-Commond-Injection https://www.draytek.com/about/security-advisory • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 2CVE-2020-14472
https://notcve.org/view.php?id=CVE-2020-14472
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. DrayTek Vigor3900, Vigor2960 y Vigor300B anteriores a 1.5.1.1, tiene algunas vulnerabilidades de inyección de comandos en el archivo mainfunction.cgi. • https://gist.github.com/Cossack9989/fa9718434ceee4e6d4f6b0ad672c10f1 https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2020-14473
https://notcve.org/view.php?id=CVE-2020-14473
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. Vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en Vigor3900, Vigor2960 y Vigor300B con versión de firmware anterior a 1.5.1.1 • https://github.com/Cossack9989/Vulns/blob/master/IoT/CVE-2020-14473.md https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 10%CPEs: 6EXPL: 1CVE-2020-14993
https://notcve.org/view.php?id=CVE-2020-14993
A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. Un desbordamiento del búfer en la región stack de la memoria en los dispositivos DrayTek Vigor2960, Vigor3900 y Vigor300B versiones anteriores a 1.5.1.1, permite a atacantes remotos ejecutar código arbitrario por medio del parámetro formuserphonenumber en una acción authusersms en archivo mainfunction.cgi • https://github.com/dexterone/Vigor-poc https://www.draytek.com/about/security-advisory https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29 • CWE-787: Out-of-bounds Write •