CVE-2023-1009
Published 2023-02-24
Priority: P339 medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 15.69% (96.4th percentile)
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| draytek | vigor2960_firmware | — | — |
| draytek | vigor_2960 | — | — |
| draytek | vigor_2960 | — | — |
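CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |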
Suricata
ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi doCfgExport option Arbitrary File Read Attempt (CVE-2023-1009)
suricata·2024-12-18·CVSS 6.5
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Draytek mainfunction.cgi doCfgExport option Arbitrary File Read Attempt (CVE-2023-1009)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:25; content:"/cgi-bin/mainfunction.cgi"; fast_pattern; http.request_body; content:"action|3d|doCfgExport"; content:"option|3d|"; pcre:"/^[^\x26]*?(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){1,}/R"; content:"rtick|3d|"; reference:cve,2023-1009; reference:url,github.com/xxy1126/Vuln/blob/main/Draytek/1.md; classtype:attempted-admin; sid:2058394; rev:1; metadata:affected_product DrayTek, attack_target Networking_Equipment, tls_state plaintext, c