CVE-2023-6265

Summary

** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

Affected Software

VendorProductVersion RangeStatus
DrayTekVigor29601.5.1.4affected
DrayTekVigor29601.5.1.5affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References