Submit #94475: Draytek Vigor 2960v1.5.1.4 has arbitrary file read vulnerability in function sub_1DA58, file mainfunction.cgi info

TitleDraytek Vigor 2960v1.5.1.4 has arbitrary file read vulnerability in function sub_1DA58, file mainfunction.cgi
DescriptionThis vulnerability is affect Product: Draytek Vigor 2960 v1.5.1.4(the newest version), Frimware download link: https://fw.draytek.com.tw/Vigor2960/Firmware/v1.5.1.4/Vigor2960_v1.5.1.4.zip This arbitrary file read vulnerability in function sub_1DA58, file mainfunction.cgi. It doesn’t filter the var `option`, so we can use `/../`to read arbitrary file.
Source⚠️ https://github.com/xxy1126/Vuln/blob/main/Draytek/3.md
User
 Tmotfl (UID 41304)
Submission02/25/2023 07:29 (3 years ago)
Moderation03/03/2023 07:49 (6 days later)
StatusAccepted
VulDB entry222259 [DrayTek Vigor 2960 1.5.1.4/1.5.1.5 Web Management Interface mainfunction.cgi getSyslogFile option path traversal]
Points19

PreviousOverviewNext