A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 (Router Operating System) and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality.

The weakness was shared 02/25/2023 as confirmed advisory (GitHub). It is possible to read the advisory at github.com. This vulnerability is known as CVE-2023-1163. Technical details and also a public exploit are known. The attack technique deployed by this issue is T1006 according to MITRE ATT&CK.

After immediately, there has been an exploit disclosed. It is possible to download the exploit at github.com. It is declared as proof-of-concept.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Type

• Router Operating System

Vendor

• DrayTek

Name

• Vigor 2960

Version

• 1.5.1.4
• 1.5.1.5

License

• commercial

Support

• end of life

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Submitinfo

Accepted

• Submit #94475: Draytek Vigor 2960v1.5.1.4 has arbitrary file read vulnerability in function sub_1DA58, file mainfunction.cgi (by Tmotfl)

Discussion