漏洞描述
DrayTek Vigor2960、Vigor3900和Vigor300B中存在安全漏洞。攻击者可通过向cgi-bin/mainfunction.cgiURI发送shell元字符利用该漏洞不经过身份验证以root权限执行代码。以下产品及版本受到影响:DrayTek Vigor29601.3.1_Beta版本;Vigor3900 1.4.4_Beta版本;Vigor300B1.3.3_Beta版本,1.4.2.1_Beta版本,1.4.4_Beta版本。
DrayTek Vigor2960、Vigor3900和Vigor300B 命令注入漏洞(CVE-2020-8515)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-15415: DrayTek Vigor - Command Injection POC
2025-08-01 | DrayTek VigorDrayTek Vigor devices contain a command injection vulnerability in the cvmcfgupload functionality. T... -
CVE-2021-20123: Draytek VigorConnect 1.6.0-B - Local File Inclusion POC
2025-08-01 | Draytek VigorConnect 1.6.0-BDraytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functional... -
CVE-2021-20124: Draytek VigorConnect 6.0-B3 - Local File Inclusion POC
2025-08-01 | Draytek VigorConnect 6.0-B3Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functional... -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...