Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8515 PoC — Draytek Vigor2960和Vigor300B 操作系统命令注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/DrayTek%E4%BC%81%E4%B8%9A%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%20CVE-2020-8515.md
Associated Vulnerability
Title:Draytek Vigor2960和Vigor300B 操作系统命令注入漏洞 (CVE-2020-8515)
Description:Draytek Vigor2960和Vigor300B都是中国台湾居易科技(Draytek)公司的产品。Vigor2960是一款负载平衡路由器和VPN网关设备。Vigor300B是一款负载均衡路由器。 DrayTek Vigor2960、Vigor3900和Vigor300B中存在操作系统命令注入漏洞。攻击者可通过向cgi-bin/mainfunction.cgi URI发送shell元字符利用该漏洞不经过身份验证以root权限执行代码。以下产品及版本受到影响:DrayTek Vigor2960 1.3.
File Snapshot

 # DrayTek企业网络设备 远程命令执行 CVE-2020-8515

## 漏洞描述

DrayTek URI未能正确处理SHELL字符,远程攻击者可以利用该漏洞提交特殊的请求,可以ROOT权限

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.