PT-2020-6382 · Draytek · Draytek Vigor3900+2

Published: 2020-02-01 · Updated: 2025-12-11 · CVE-2020-8515

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

DrayTek Vigor3900 versions 1.4.4 Beta and earlier
DrayTek Vigor2960 versions 1.3.1 Beta and earlier
DrayTek Vigor300B versions 1.3.3 Beta, 1.4.2.1 Beta, and 1.4.4 Beta
Description

The issue lies in the WebUI of DrayTek Vigor routers, which allows unauthenticated remote code execution as root via shell metacharacters sent to the cgi-bin/mainfunction.cgi URI. An attacker can exploit it to gain unauthorized access to the device. The estimated number of potentially affected devices worldwide is not specified, but hundreds of organizations globally are reported to have been affected by attacks exploiting this issue. Real-world incidents have involved deploying ransomware in the networks of affected organizations in order to gain access to account credentials.
Recommendations

For DrayTek Vigor3900 versions 1.4.4 Beta and earlier, update to version 1.5.1 or later.
For DrayTek Vigor2960 versions 1.3.1 Beta and earlier, update to version 1.5.1 or later.
For DrayTek Vigor300B versions 1.3.3 Beta, 1.4.2.1 Beta, and 1.4.4 Beta, update to version 1.5.1 or later.
As a temporary workaround, consider restricting access to the cgi-bin/mainfunction.cgi URI to minimize the risk of exploitation.
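Until the firmware is updated, access to the affected URI should be restricted and monitored. The following scanner is an added example (not part of this advisory and not DrayTek code) that flags requests to cgi-bin/mainfunction.cgi in a combined-format web server log; the log lines, IP addresses and query parameters are constructed for illustration, and a POST body cannot be inspected from an access log alone.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (combined log format); addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2020:10:00:01 +0000] "GET /cgi-bin/mainfunction.cgi?option=test%3Bx HTTP/1.1" 200 512 "-" "curl/7.64.0"
198.51.100.2 - - [01/Feb/2020:10:00:05 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Feb/2020:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

TARGET_PATH = "/cgi-bin/mainfunction.cgi"
# Shell metacharacters that no legitimate parameter value for this endpoint should contain.
# A single '&' is excluded because it separates query parameters.
META_RE = re.compile(r"[;|`\n\r]|\$\(|&&")
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def classify(line):
    """Return (severity, client_ip, reason) for a hit on the vulnerable URI, else None."""
    m = LOG_RE.match(line)
    if not m or not m["uri"].split("?", 1)[0].endswith(TARGET_PATH):
        return None
    decoded = unquote(m["uri"])  # metacharacters are usually percent-encoded in the request line
    if META_RE.search(decoded):
        return ("alert", m["ip"], "shell metacharacters in mainfunction.cgi request")
    # The endpoint is reachable without authentication: any hit from outside the
    # management network deserves review, and POST bodies need a WAF or full capture.
    return ("review", m["ip"], "mainfunction.cgi request; inspect body and restrict access")


def scan_log(text):
    """Classify every line of a log; returns only the lines that hit the vulnerable URI."""
    return [r for r in (classify(line) for line in text.splitlines()) if r]


if __name__ == "__main__":
    for severity, ip, reason in scan_log(SAMPLE_LOG):
        print(f"{severity.upper():6} {ip:15} {reason}")
```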

Exploit · Fix · RCE · OS Command Injection


Weakness Enumeration

Related Identifiers

BDU:2021-04387
CVE-2020-8515

Affected Products

Draytek Vigor2960
Draytek Vigor300B
Draytek Vigor3900