← back
CVE-2023-6265

DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal

CVSS 6.5 MEDIUMEPSS 1.8%CWE-22
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
DrayTek · Vigor2960

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/xxy1126/Vuln/blob/main/Draytek/4.mdhttps://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960https://www.draytek.com/products/vigor2960/