CVE-2020-8515 PoC — Draytek Vigor2960和Vigor300B 操作系统命令注入漏洞

Source

https://github.com/truerandom/nmap_draytek_rce

Associated Vulnerability

Title:Draytek Vigor2960和Vigor300B 操作系统命令注入漏洞 (CVE-2020-8515)
Description:Draytek Vigor2960和Vigor300B都是中国台湾居易科技（Draytek）公司的产品。Vigor2960是一款负载平衡路由器和VPN网关设备。Vigor300B是一款负载均衡路由器。 DrayTek Vigor2960、Vigor3900和Vigor300B中存在操作系统命令注入漏洞。攻击者可通过向cgi-bin/mainfunction.cgi URI发送shell元字符利用该漏洞不经过身份验证以root权限执行代码。以下产品及版本受到影响：DrayTek Vigor2960 1.3.

Description

nmap script to detect CVE-2020-8515 on Draytek Devices

Readme

# nmap_draytek_rce
nmap script to detect CVE-2020-8515 on Draytek Devices

File Snapshot


 [4.0K]  /data/pocs/1bdd03a81472fa986a1d149f7ca325b08bf19250
├── [4.8K]  http-draytek-rce.nse
└── [  74]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!