CVE-2023-6265
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DrayTek | Vigor2960 | 1.5.1.4 | affected |
| DrayTek | Vigor2960 | 1.5.1.5 | affected |
Weaknesses
- CWE-22: CWE-22 Path Traversal
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md
- https://www.draytek.com/products/vigor2960/
- https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960
References
- https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md
- https://www.draytek.com/products/vigor2960/
- https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.