Security for everyone

CVE-2020-8515 Scanner

Detects 'Remote Code Execution (RCE)' vulnerability in DrayTek Vigor2960, Vigor3900, Vigor300B affects v. Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta.

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

30 sec

Scan only one

Url

Source

-

The DrayTek Vigor2960, Vigor3900, and Vigor300B devices are multi-WAN routers suitable for small and medium businesses that require reliable and secure VPN connectivity. These routers feature high-performance hardware, advanced security protocols, and a user-friendly web interface that allows network administrators to configure complex network setups with just a few clicks. The DrayTek routers are used by companies for critical applications such as remote working, video conferencing, and cloud computing.

The CVE-2020-8515 vulnerability detected in DrayTek routers allows remote code execution as a root user without the need for authentication. This vulnerability can be exploited through shell metacharacters to the cgi-bin/mainfunction.cgi URI. Hackers can send a malicious payload to the router, which the device automatically processes and executes. This vulnerability may lead to severe damage to the victim's network, including data loss, data theft, and network shutdown.

When exploited, CVE-2020-8515 vulnerability can enable attackers to gain root privileges, bypass security checks, and execute arbitrary code on the affected DrayTek routers. This means attackers can take complete control of both the router and the network that the router serves, leading to all network traffic being intercepted and exposed. Breaching the security of the network can result in a loss of sensitive information, ultimately exposing the company to financial and reputational damage.

Thanks to the pro features of the securityforeveryone.com platform, businesses can easily and quickly learn about vulnerabilities in their digital assets. By subscribing to the platform, network administrators can receive real-time alerts about vulnerability threats and take immediate action to mitigate the risks associated with such vulnerabilities. With an emphasis on proactive security measures, the securityforeveryone.com platform helps businesses protect their networks, markets, and reputation, ensuring their continued success in the digital world.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture