CVE-2020-8515
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
CRITICAL · CVSS 9.8
⚠ CISA KEV
EPSS 0.94318
Act now
- Listed on CISA KEV (known exploited in the wild)
- SSVC exploitation status: active
- EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
- EPSS percentile: top 0% of all CVEs by exploitation likelihood
- Public exploit or PoC is available
- SSVC automatable: yes - attacks can be scripted at scale
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0