Sign-up

ID

VAR-202302-2018


CVE

CVE-2023-1009


TITLE

DrayTek Vigor2960 Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202302-1984

DESCRIPTION

A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability

Trust: 0.99

sources: NVD: CVE-2023-1009 // VULMON: CVE-2023-1009

AFFECTED PRODUCTS

vendor:draytekmodel:vigor2960scope:eqversion:1.5.1.4

Trust: 1.0

sources: NVD: CVE-2023-1009

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-1009
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202302-1984
value: MEDIUM

Trust: 0.6

NVD: CVE-2023-1009
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202302-1984 // NVD: CVE-2023-1009

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

sources: NVD: CVE-2023-1009

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1984

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202302-1984

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-1009

EXTERNAL IDS
db:VULDBid:221742
Trust: 1.7
db:NVDid:CVE-2023-1009
Trust: 1.7
db:CNNVDid:CNNVD-202302-1984
Trust: 0.6
db:VULMONid:CVE-2023-1009
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-1009 // 
            
            
            
            CNNVD: CNNVD-202302-1984 // 
            
            
            
            NVD: CVE-2023-1009

REFERENCES
url:https://github.com/xxy1126/vuln/blob/main/draytek/1.md
Trust: 1.7
url:https://vuldb.com/?ctiid.221742
Trust: 1.7
url:https://vuldb.com/?id.221742
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2023-1009/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/22.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-1009 // 
            
            
            
            CNNVD: CNNVD-202302-1984 // 
            
            
            
            NVD: CVE-2023-1009

SOURCES
db:VULMONid:CVE-2023-1009
db:CNNVDid:CNNVD-202302-1984
db:NVDid:CVE-2023-1009

LAST UPDATE DATE
2023-03-09T22:39:04.694000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-1009date:2023-02-24T00:00:00
db:CNNVDid:CNNVD-202302-1984date:2023-03-07T00:00:00
db:NVDid:CVE-2023-1009date:2023-03-06T18:01:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-1009date:2023-02-24T00:00:00
db:CNNVDid:CNNVD-202302-1984date:2023-02-24T00:00:00
db:NVDid:CVE-2023-1009date:2023-02-24T11:15:00