Описание
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
Ссылки
- Exploit
- Product
- Product
- Exploit
- Product
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*
cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:*:*:*:*:*:*:*
cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00321
Низкий
6.5 Medium
CVSS3
8.1 High
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
около 2 лет назад
Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
EPSS
Процентиль: 55%
0.00321
Низкий
6.5 Medium
CVSS3
8.1 High
CVSS3
Дефекты
CWE-22
CWE-22