Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-15415 PoC — DrayTek Vigor3900、Vigor2960和Vigor300B 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-15415.yaml
Associated Vulnerability
Title:DrayTek Vigor3900、Vigor2960和Vigor300B 操作系统命令注入漏洞 (CVE-2020-15415)
Description:DrayTek Vigor3900等都是中国台湾居易科技(DrayTek)公司的产品。DrayTek Vigor3900是一款宽带路由器/VPN网关设备。Vigor2960是一款负载平衡路由器和VPN网关设备。Vigor300B是一款负载均衡路由器。 DrayTek Vigor3900、Vigor2960和Vigor300B 1.5.1之前版本中存在安全漏洞。攻击者可借助shell元字符利用该漏洞执行命令。
Description
DrayTek Vigor devices contain a command injection vulnerability in the cvmcfgupload functionality. The vulnerability allows remote attackers to execute arbitrary commands through specially crafted requests to the /cgi-bin/mainfunction.cgi/cvmcfgupload endpoint.
File Snapshot

 id: CVE-2020-15415

info:
  name: DrayTek Vigor - Command Injection
  author: ritikchaddha
  severit

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.