CVE-2020-10825

moderate-risk
Published 2020-03-26

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).

Do I need to act?

~
5.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Draytek

References (4)

Exploit https://slashd.ga/2020/03/draytek-vulnerabilities/
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300...
Exploit https://slashd.ga/2020/03/draytek-vulnerabilities/
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300...
49
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 9/34 · Low