← voltar
CVE-2023-6265

DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal

CVSS 6.5 MEDIUMEPSS 1.8%CWE-22
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
DrayTek · Vigor2960

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/xxy1126/Vuln/blob/main/Draytek/4.mdhttps://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960https://www.draytek.com/products/vigor2960/