I. Basic Information for CVE-2020-8515
Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Draytek Vigor2960 and Vigor300B OS Command Injection Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
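Draytek Vigor2960 and Vigor300B are both products of DrayTek, a company based in Taiwan, China. Vigor2960 is a load-balancing router and VPN gateway device. Vigor300B is a load-balancing router. An OS command injection vulnerability exists in DrayTek Vigor2960, Vigor3900, and Vigor300B. An attacker can exploit this vulnerability by sending shell metacharacters to the cgi-bin/mainfunction.cgi URI, executing code with root privileges without authentication. The following products and versions are affected: DrayTek Vigor2960 1.3.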
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2020-8515
| # | POC Description | Source Link |
|---|---|---|
| 1 | CVE-2020-8515-PoC | https://github.com/imjdl/CVE-2020-8515-PoC |
| 2 | nmap script to detect CVE-2020-8515 on Draytek Devices | https://github.com/truerandom/nmap_draytek_rce |
| 3 | Draytek CVE-2020-8515 PoC | https://github.com/darrenmartyn/CVE-2020-8515 |
| 4 | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8515.yaml |
| 5 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/DrayTek%E4%BC%81%E4%B8%9A%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%20CVE-2020-8515.md |
| 6 | None | https://github.com/chaitin/xray-plugins/blob/main/poc/manual/draytek-cve-2020-8515.yml |