Home / Early Warning / Vulnerabilities / CVE-2020-10824

CVE-2020-10824

Type: 
Out-of-bounds Write
Severity: 
High
Publication date: 
03/26/2020
Last modified: 
03/30/2020
Description
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:draytek:vigor300b_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:draytek:vigor2960_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*
  • cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:*
  • cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields