CVE-2023-1009 - Vulnerability Details - OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Draytek	Vigor2960 Vigor2960 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*

cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md
https://vuldb.com/?ctiid.221742
https://vuldb.com/?id.221742

History

Tue, 11 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-02-24T10:31:15.666Z

Updated: 2025-03-11T15:50:04.228Z

Reserved: 2023-02-24T10:29:42.964Z

Link: CVE-2023-1009

Vulnrichment

Updated: 2024-08-02T05:32:46.217Z

NVD

Status : Modified

Published: 2023-02-24T11:15:10.997

Modified: 2024-11-21T07:38:16.820

Link: CVE-2023-1009

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1009", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-02-24T10:29:42.964Z", "datePublished": "2023-02-24T10:31:15.666Z", "dateUpdated": "2025-03-11T15:50:04.228Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-11-22T20:43:41.869Z"}, "title": "DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Path Traversal"}]}], "affected": [{"vendor": "DrayTek", "product": "Vigor 2960", "versions": [{"version": "1.5.1.4", "status": "affected"}, {"version": "1.5.1.5", "status": "affected"}], "modules": ["Web Management Interface"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 entdeckt. Es geht dabei um die Funktion sub_1DF14 der Datei /cgi-bin/mainfunction.cgi der Komponente Web Management Interface. Durch Manipulation des Arguments option mit der Eingabe /../etc/passwd- mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "Exploit disclosed"}, {"time": "2023-02-24T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-02-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-11-22T21:47:58.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Tmotfl (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.221742", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221742", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", "tags": ["exploit"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.217Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.221742", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.221742", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", "tags": ["exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-11T15:49:59.538312Z", "id": "CVE-2023-1009", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T15:50:04.228Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.221742", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.221742", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.217Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1009", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-11T15:49:59.538312Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T15:49:28.974Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "DrayTek Vigor 2960 Web Management Interface mainfunction.cgi sub_1DF14 path traversal", "credits": [{"lang": "en", "type": "analyst", "value": "Tmotfl (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "DrayTek", "modules": ["Web Management Interface"], "product": "Vigor 2960", "versions": [{"status": "affected", "version": "1.5.1.4"}, {"status": "affected", "version": "1.5.1.5"}]}], "timeline": [{"lang": "en", "time": "2023-02-18T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-02-18T00:00:00.000Z", "value": "Exploit disclosed"}, {"lang": "en", "time": "2023-02-24T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-02-24T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-11-22T21:47:58.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.221742", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221742", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 entdeckt. Es geht dabei um die Funktion sub_1DF14 der Datei /cgi-bin/mainfunction.cgi der Komponente Web Management Interface. Durch Manipulation des Arguments option mit der Eingabe /../etc/passwd- mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-11-22T20:43:41.869Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1009", "state": "PUBLISHED", "dateUpdated": "2025-03-11T15:50:04.228Z", "dateReserved": "2023-02-24T10:29:42.964Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-02-24T10:31:15.666Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draytek:vigor2960_firmware:1.5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "564753CE-A701-4D76-94D8-C452AF0C5E82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draytek:vigor2960:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FDA3905-67DD-4F31-AFCF-014F1D7CCC1F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Una vulnerabilidad clasificada como problem\u00e1tica se ha encontrado en DrayTek Vigor 2960 1.5.1.4. Afectada es la funci\u00f3n sub_1DF14 del archivo /cgi-bin/mainfunction.cgi. La manipulaci\u00f3n de la opci\u00f3n de argumento con la entrada /.. /etc/passwd- conduce a la Path Traversal. El ataque debe realizarse dentro de la red local. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado. VDB-221742 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2023-1009", "lastModified": "2024-11-21T07:38:16.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-24T11:15:10.997", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.221742"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/xxy1126/Vuln/blob/main/Draytek/1.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.221742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221742"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}