CVE-2023-6265 - OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Draytek	Vigor2960 Vigor2960 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:::::::*
	cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:::::::*

cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md
https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960
https://www.draytek.com/products/vigor2960/

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published: 2023-11-22T19:47:07.692Z

Updated: 2024-08-02T08:28:20.179Z

Reserved: 2023-11-22T19:31:54.376Z

Link: CVE-2023-6265

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-22T20:15:09.600

Modified: 2024-08-02T09:15:35.073

Link: CVE-2023-6265

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6265", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "state": "PUBLISHED", "assignerShortName": "cisa-cg", "dateReserved": "2023-11-22T19:31:54.376Z", "datePublished": "2023-11-22T19:47:07.692Z", "dateUpdated": "2024-08-02T08:28:20.179Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Vigor2960", "vendor": "DrayTek", "versions": [{"status": "affected", "version": "1.5.1.4"}, {"status": "affected", "version": "1.5.1.5"}]}], "datePublic": "2023-02-25T05:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."}], "value": "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2023-12-19T21:00:05.632Z"}, "references": [{"tags": ["exploit"], "url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md"}, {"tags": ["product"], "url": "https://www.draytek.com/products/vigor2960/"}, {"tags": ["product"], "url": "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960"}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:20.179Z"}, "title": "CVE Program Container", "references": [{"tags": ["exploit", "x_transferred"], "url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md"}, {"tags": ["product", "x_transferred"], "url": "https://www.draytek.com/products/vigor2960/"}, {"tags": ["product", "x_transferred"], "url": "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "564753CE-A701-4D76-94D8-C452AF0C5E82", "vulnerable": true}, {"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "450254FB-7A86-4405-8E1F-69E249D29C62", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported."}, {"lang": "es", "value": "Draytek Vigor2960 v1.5.1.4 y v1.5.1.5 son vulnerables a directory traversal a trav\u00e9s del par\u00e1metro 'option' mainfunction.cgi dumpSyslog que permite a un atacante autenticado con acceso a la interfaz de administraci\u00f3n web eliminar archivos arbitrarios. Vigor2960 ya no es compatible."}], "id": "CVE-2023-6265", "lastModified": "2024-08-02T09:15:35.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}, "published": "2023-11-22T20:15:09.600", "references": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Exploit"], "url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/4.md"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Product"], "url": "https://www.draytek.com/about/newsroom/2021/2021/end-of-life-notification-vigor2960"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Product"], "url": "https://www.draytek.com/products/vigor2960/"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}