Vector Strings
Severity Score: 5.5
Severity:
MEDIUM
Exploitability Score:
1.8
Impact Score:
3.6
Access Vector (AV):
Access Complexity (AC):
Authentication (AU): LOW
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE
Published Date: 2023-02-24
Last Modified: 2024-08-02
CVE-2023-1009
About:
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Related CVEs
No related CVEs.
Empower Your Security Strategy with Rainforest
Discover vulnerabilities early, prioritize critical threats, and protect what truly matters. Rainforest streamlines your security operations, saving you time and reducing costs, so you can focus on what drives your business forward.
Book a Demo