← volver
CVE-2023-6265

DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal

CVSS 6.5 MEDIUMEPSS 1.8%CWE-22
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
DrayTek · Vigor2960

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/xxy1126/Vuln/blob/main/Draytek/4.mdhttps://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960https://www.draytek.com/products/vigor2960/