xxy1126

27 exploits Active since Aug 2022
CVE-2023-1163 WRITEUP MEDIUM WRITEUP
Draytek Vigor 2960 Firmware - Path Traversal
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.5
CVE-2023-6265 WRITEUP MEDIUM WRITEUP
Draytek Vigor2960 <1.5.1.4-1.5.1.5 - Path Traversal
** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported.
CVSS 6.5