CVE-2020-14993

Published: Jun 23, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi.

Affected (3)

Products: Draytek: Vigor300b Firmware, Vigor2960 Firmware, Vigor3900 Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor300b Firmware	Before 1.5.1.1

Running on/with	Platform Versions
Draytek Vigor300b	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor2960 Firmware	Before 1.5.1.1

Running on/with	Platform Versions
Draytek Vigor2960	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Draytek Vigor3900 Firmware	Before 1.5.1.1

Running on/with	Platform Versions
Draytek Vigor3900	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://github.com/dexterone/Vigor-poc

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.draytek.com/about/security-advisory

Source: cve@mitre.org

Vendor Advisory

https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29

Source: cve@mitre.org

https://github.com/dexterone/Vigor-poc

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.draytek.com/about/security-advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-stack-based-buffer-overflow-vulnerability-%28cve-2020-14473%29

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.