CVE-2023-1009

DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Una vulnerabilidad clasificada como problemática se ha encontrado en DrayTek Vigor 2960 1.5.1.4. Afectada es la función sub_1DF14 del archivo /cgi-bin/mainfunction.cgi. La manipulación de la opción de argumento con la entrada /.. /etc/passwd- conduce a la Path Traversal. El ataque debe realizarse dentro de la red local. El exploit ha sido divulgado al público y puede ser utilizado. VDB-221742 es el identificador asignado a esta vulnerabilidad.

Es wurde eine kritische Schwachstelle in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 entdeckt. Es geht dabei um die Funktion sub_1DF14 der Datei /cgi-bin/mainfunction.cgi der Komponente Web Management Interface. Durch Manipulation des Arguments option mit der Eingabe /../etc/passwd- mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

*Credits: Tmotfl

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-02-24 CVE Reserved
2023-02-24 CVE Published
2023-03-08 EPSS Updated
2024-08-02 CVE Updated
2024-08-02 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (2)

URL	Tag	Source
https://vuldb.com/?id.221742	Technical Description

URL	Date	SRC
https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md	2024-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Draytek Search vendor "Draytek"	Vigor2960 Firmware Search vendor "Draytek" for product "Vigor2960 Firmware"	1.5.1.4 Search vendor "Draytek" for product "Vigor2960 Firmware" and version "1.5.1.4"	-	Affected	in	Draytek Search vendor "Draytek"	Vigor2960 Search vendor "Draytek" for product "Vigor2960"	-	-	Safe

* End Of Life in some or all products. Do not expect updates.